You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by FRuG FoREST <fr...@gmail.com> on 2004/07/20 04:29:36 UTC
SVN: Mailing Archive: Email's public, open to spammers?
After my post, I noticed that my email is now posted on the
SVN-Users Email list archive
http://subversion.tigris.org/servlets/SummarizeList?listName=users
The unfortunate part, is that my email is now exposed to those email
crawlers, and spammers.
Any way I could have my email 'disguized' or partially blocked?
(Latest thing I've seen is encodeing the email in ASCII coding
#128;#0124;#0069;#042 etc.... or could even 'plain english' as
something simple as.... MY (AT) EMAIL DOT COM )
Or even, just having the archive generally disguising the emails that
are in there, would be a good plan too.
Make sense? Possible now after the fact?
Thanks,
-FRuG
--
Gmail.com vs. Ask-backwards, confirmation mail checker, http://www.paganini.net
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVN: Mailing Archive: Email's public, open to spammers?
Posted by Martin Probst <ma...@martin-probst.com>.
I would highly appreciate this too.
Am Di, den 20.07.2004 schrieb FRuG FoREST um 6:29:
> After my post, I noticed that my email is now posted on the
> SVN-Users Email list archive
> http://subversion.tigris.org/servlets/SummarizeList?listName=users
>
> The unfortunate part, is that my email is now exposed to those email
> crawlers, and spammers.
>
> Any way I could have my email 'disguized' or partially blocked?
> (Latest thing I've seen is encodeing the email in ASCII coding
> #128;#0124;#0069;#042 etc.... or could even 'plain english' as
> something simple as.... MY (AT) EMAIL DOT COM )
>
> Or even, just having the archive generally disguising the emails that
> are in there, would be a good plan too.
>
> Make sense? Possible now after the fact?
> Thanks,
> -FRuG
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: OT: SVN: Mailing Archive: Email's public, open to spammers?
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Wednesday, July 21, 2004 7:24 PM -0400 Brian Mathis
<bm...@directedge.com> wrote:
> My record in the past week is 14,098 messages. A little math brings that
> to 9.79 messages per minute in processing if I were running it 24 hours a
> day, which I don't. I'm at the point right now that most of my new
> non-spam messages for the day don't actually arrive in my inbox until
> about an hour after I've logged in. I only see it getting worse in the
> future.
I have a milter (MIMEDefang) filtering out the worst spam (>10 points) at
the MTA submission. I then run SA from /etc/procmailrc to tag anything over
5 with a subject line prefix that includes the score. My personal
.procmailrc filters the spam into a separate folder. (Each mailing list
also gets its own folder, so I can quickly read the lists in the order I'm
interested in.) Finally, my client (Cyrusoft Mulberry) is configured to
display only unseen messages in the spam folder, sorted by subject line
(and hence by spam score), so that the most likely false positives will be
at the top of the list. I quickly check for any FP's and then mark the
folder seen. Any FP's are copied to a FP folder, and a nightly cron job
runs sa-learn to re-train those messages as ham. Meanwhile any spam that
evades SA is moved to an Uncaught folder, and the same cron job retrains
those messages as spam.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: OT: SVN: Mailing Archive: Email's public, open to spammers?
Posted by Brian Mathis <bm...@directedge.com>.
kfogel@collab.net wrote:
> If the effort were small, we could try it. But this would probably
> take at least a day of some engineer's time here to get right, time
> that could be spent fixing bugs and improving Subversion, cvs2svn,
> etc.
>
> FWIW, I use SpamAssassin and SpamProbe (Bayesian filtering) together,
> and the result is that I get almost no spam now, whereas I used to get
> at least 500 a day (peanuts compared with your 10,000, so I imagine
> you must be doing some sort of filtering already!). The stuff at
>
> http://www.red-bean.com/kfogel/spam-filtering.html
>
> may or may not be of any help to you; it sure saved me.
>
> But again, if you don't post your address, no spammer can find it...
>
> -Karl
Yup, I have all sorts of filtering set up. Spamassassin (which has
Bayesian filtering already built in, no need for something else),
procmail scripts, and a bunch of .qmail files on my ISP to /dev/null
known bad email addresses. Almost all of the spam gets caught, but I
have no idea if any non-spam gets caught - it's simply impossible to check.
My record in the past week is 14,098 messages. A little math brings
that to 9.79 messages per minute in processing if I were running it 24
hours a day, which I don't. I'm at the point right now that most of my
new non-spam messages for the day don't actually arrive in my inbox
until about an hour after I've logged in. I only see it getting worse
in the future.
It would be a nice world to live it that invloved no overhead, and one
could just code away all day on the thing they like the best.
Unfortunately you have to stop to pay the bills, eat, sleep, pay your
taxes, and sometimes work on things that aren't directly related to that
project.
I'll even volunteer to do it myself if I can.
--
Brian Mathis
http://directedge.com/b/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: OT: SVN: Mailing Archive: Email's public, open to spammers?
Posted by kf...@collab.net.
Brian Mathis <bm...@directedge.com> writes:
> No, it's not at all useless. The effort is very small, and the reward
> is great. Spammers use scripts that crawl the web. Finding some web
> page with a bunch of addresses takes no work at all on the part of a
> spammer. Signing up to a mailing list and then collecting messages
> takes infinitely more work, and most if not all spammers won't be
> doing that, if they even understand it's possible.
If the effort were small, we could try it. But this would probably
take at least a day of some engineer's time here to get right, time
that could be spent fixing bugs and improving Subversion, cvs2svn,
etc.
FWIW, I use SpamAssassin and SpamProbe (Bayesian filtering) together,
and the result is that I get almost no spam now, whereas I used to get
at least 500 a day (peanuts compared with your 10,000, so I imagine
you must be doing some sort of filtering already!). The stuff at
http://www.red-bean.com/kfogel/spam-filtering.html
may or may not be of any help to you; it sure saved me.
But again, if you don't post your address, no spammer can find it...
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: OT: SVN: Mailing Archive: Email's public, open to spammers?
Posted by Brian Mathis <bm...@directedge.com>.
Klaus Rennecke wrote:
> Brian Mathis wrote:
>> [...]
>> I don't think it's unreasonable to expect that these days, if you are
>> making a public archive of a mailing list, that you munge the
>> addresses. I would actually consider it a requirement. It would
>> be a small additional step that will save everyone a lot of hassle
>> later on.
>> [...]
>
> Well, it's not as such unreasonable, but pretty much useless. There is
> nothing you can do to prevent a spammer to join the mailing list and
> lurk with a bot to harvest addresses. No munging will help there.
>
> So, I don't believe it's worth the effort. It might even be considered
> an added risk, because it would create a false sense of security.
>
> Funny thing is, I didn't get any spam yet - that I know of - on this
> vector. But that's probably just plain lucky :-)
>
> /Klaus
No, it's not at all useless. The effort is very small, and the reward
is great. Spammers use scripts that crawl the web. Finding some web
page with a bunch of addresses takes no work at all on the part of a
spammer. Signing up to a mailing list and then collecting messages
takes infinitely more work, and most if not all spammers won't be doing
that, if they even understand it's possible.
I get over 10,000 spams per day, and most of them go to addresses where
at the time, the list or site was private. Over time, addresses leak
out. The more you can prevent the leaks, the better it will be for you
a few years down the line.
Email archive sites are some of the biggest sources of spam addresses
these days.
--
Brian Mathis
http://directedge.com/b/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
OT: SVN: Mailing Archive: Email's public, open to spammers?
Posted by Klaus Rennecke <kr...@tigris.org>.
Brian Mathis wrote:
> [...]
> I don't think it's unreasonable to expect that these days, if you are
> making a public archive of a mailing list, that you munge the addresses.
> I would actually consider it a requirement. It would be a small
> additional step that will save everyone a lot of hassle later on.
> [...]
Well, it's not as such unreasonable, but pretty much useless. There is
nothing you can do to prevent a spammer to join the mailing list and
lurk with a bot to harvest addresses. No munging will help there.
So, I don't believe it's worth the effort. It might even be considered
an added risk, because it would create a false sense of security.
Funny thing is, I didn't get any spam yet - that I know of - on this
vector. But that's probably just plain lucky :-)
/Klaus
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVN: Mailing Archive: Email's public, open to spammers?
Posted by Brian Mathis <bm...@directedge.com>.
kfogel@collab.net wrote:
> Trevor Harrison <tr...@harrison.org> writes:
>
>>>After my post, I noticed that my email is now posted on the
>>>SVN-Users Email list archive
>>> http://subversion.tigris.org/servlets/SummarizeList?listName=users
>>>
>>>The unfortunate part, is that my email is now exposed to those email
>>>crawlers, and spammers.
>>>
>>>Any way I could have my email 'disguized' or partially blocked?
>>
>>Its probably too late. I've just started receiving spam to my
>>svn-list-only email address. (not spam via the list, but direct spam
>>to me)
>
> Even if we disguised the email address, there are other people
> archiving the Subversion mailing lists.
>
> (But in general, this is under the sender's control, isn't it? The
> address only appears because you posted it. If you don't want it
> available to the Internet, don't post it, or post it disguised. Our
> archives are just repeating the bytes you sent them...)
>
> -Karl
I don't think it's unreasonable to expect that these days, if you are
making a public archive of a mailing list, that you munge the addresses.
I would actually consider it a requirement. It would be a small
additional step that will save everyone a lot of hassle later on.
Here's a perl 1 liner that'll get most addresses:
echo test@test.com | perl -n -e
's/(([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3}))/MUNGED/g;'
There might be a better regex out there to do it.
Posting using a munged address to usenet is fine, but on a mailing list
it would be almost impossible to ensure that your real address never
gets through. People quote messages, etc... If you use a completely
fake address, how can the mail ever get to you in the first place?
--
Brian Mathis
http://directedge.com/b/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVN: Mailing Archive: Email's public, open to spammers?
Posted by kf...@collab.net.
Trevor Harrison <tr...@harrison.org> writes:
> > After my post, I noticed that my email is now posted on the
> > SVN-Users Email list archive
> > http://subversion.tigris.org/servlets/SummarizeList?listName=users
> >
> >The unfortunate part, is that my email is now exposed to those email
> >crawlers, and spammers.
> >
> > Any way I could have my email 'disguized' or partially blocked?
>
> Its probably too late. I've just started receiving spam to my
> svn-list-only email address. (not spam via the list, but direct spam
> to me)
Even if we disguised the email address, there are other people
archiving the Subversion mailing lists.
(But in general, this is under the sender's control, isn't it? The
address only appears because you posted it. If you don't want it
available to the Internet, don't post it, or post it disguised. Our
archives are just repeating the bytes you sent them...)
-Karl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVN: Mailing Archive: Email's public, open to spammers?
Posted by Trevor Harrison <tr...@harrison.org>.
FRuG FoREST wrote:
>After my post, I noticed that my email is now posted on the
> SVN-Users Email list archive
> http://subversion.tigris.org/servlets/SummarizeList?listName=users
>
>The unfortunate part, is that my email is now exposed to those email
>crawlers, and spammers.
>
>Any way I could have my email 'disguized' or partially blocked?
>
>
Its probably too late. I've just started receiving spam to my
svn-list-only email address. (not spam via the list, but direct spam to me)
-Trevor
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org