Posted to dev@httpd.apache.org by Joshua Slive <jo...@slive.ca> on 2006/04/27 16:04:48 UTC

Fwd: Email address on mail archive (fwd)

This type of request is becoming more and more common.

Although mod_mbox obscures the basic to and from address, there are
still two problems:

1. It doesn't obscure email addresses in the body of the message
(which could be from forwarded/quoted messages).

2. The "raw" link still gives access to the unobscured addresses.

I know there are people who still hold the idealistic view that we
shouldn't be obscuring email addresses at all.  Although I agree in
principle, I think the world has passed that view by.

I don't know if anyone is interested in fixing this stuff, but I
thought I would at least point out the recurring issue to the mod_mbox
developers.

Joshua.

---------- Forwarded message ----------
From: jm@jmason.org <jm...@jmason.org>
Date: Apr 27, 2006 7:49 AM
Subject: Email address on mail archive (fwd)
To: infrastructure@apache.org



Sorry -- I can't recall -- what's the policy on this kind of
request?

--j.

------- Forwarded Message

Date:    Tue, 25 Apr 2006 08:21:17 +0100
From:    Jens Finke <jens bluegecko.org>
To:      dev-owner@spamassassin.apache.org
Subject: Email address on mail archive

Hi,

I posted a bug report to spamassassin.dev in November 2004. Rather ironically,
I notice that my email address has been visible on the mail-archives.apache.org
website ever since. Much as I appreciate Spam Assassin, having my primary
address accessible to any web trawling spambot rather defeats the whole point.

So, could you please delete the address (jens bluegecko.org) from the following
four pages:


http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200411.mbox/%3C20041124161053.45A72838B4@bugzilla.spamassassin.org%3E

http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200411.mbox/raw/%3c20041124161053.45A72838B4@bugzilla.spamassassin.org%3e

http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200411.mbox/%3C20041124183553.DCF25838B4@bugzilla.spamassassin.org%3E

http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200411.mbox/raw/%3c20041124183553.DCF25838B4@bugzilla.spamassassin.org%3e

Many thanks,

Jens Finke
--
http://www.bluegecko.org
-  Traditional Music and Cultures of Kenya
-  Chasing the Lizard's Tail: across the Sahara by bicycle

Mjinga akierevuka mwerevu yupo mashakani
When a fool becomes enlightened, the wise man is in trouble




------- End of Forwarded Message

Re: Email address on mail archive (fwd)

Posted by Ruediger Pluem <rp...@apache.org>.

On 04/28/2006 11:45 PM, Ian Holsman wrote:
> 
> On 29/04/2006, at 4:30 AM, Justin Erenkrantz wrote:
> 
>>
>> Welcome to the big bad Internet.  Not everyone is nice.  It's a
>> valuable lesson to learn.
>>
>> We can do all of the obfuscation we want in mod_mbox, but spambots
>> *do* just subscribe to the lists.  (We see them in the subscriber
>> lists.)  So, we can't obfuscate those addresses in the emails everyone
>> receives.  -- justin
> 
> 
> Justin. we *want* people to use our bug system and our mailing lists.

I agree with you on the bug system issue because

1. The sender of the mail to the bugs list is bugzilla@apache.org. So there is
   no need to disclose the problem reporter's email address in these mails.
2. It might be unexpected for the user that its email address is added to those
   mails.
3. Many bugzilla users are not that experienced.

OTOH I agree with Justin regarding the discussion mailing lists. As we want to keep
the sender address of the person who sent a message a bot subscribing to the list
will get it anyway. So I think obfuscating the email addresses only in mod_mbox
creates a wrong expression of protection against spamming, especially for more
inexperienced users that are not aware of bots subscribing to the list.
Just doing it for the status quo is not really an argument for me to do so, as this
would not solve the users problems but only relieve us from users pointing
these kind of questions / requests to us.
Currently I see only the following reasons for obfuscating addresses in mod_mbox:

1. Other users of mod_mbox request this feature and someone of the developers is
   willing to do this / merge submitted patches.
2. The load on mail-archives.apache.org is increased too much by bots and obfuscating
   addresses would cause them to go away (which I do not really believe).


Regards

Rüdiger

> 
> Some of the subscribers may not be as experienced as you. They are  just
> after a certain level of comfort.
> 
> By obfuscating their email address on web pages and bug reports we  give
> the comfort to them, and they in turn feel more comfortable  posting.
> 
> It doesn't matter if we don't stop *all* bots, what is being asked  for
> is the status quo.
> The status quo on nearly all web-based products is to hide the email 
> address.
> 
> and actually I think you could design the mailing list software *to* 
> obfuscate personal
> email addresses (similar to what gmane does).
> 
> It is just that the status quo isn't there yet for mailing lists.
> 
> --Ian
> -- 
> Ian Holsman
> Ian_at_Holsman.NET
> Never forget that you are unique, like everyone else.
> 
> 
> 
> 

Re: Email address on mail archive (fwd)

Posted by Ian Holsman <li...@holsman.net>.
On 29/04/2006, at 4:30 AM, Justin Erenkrantz wrote:
>
> Welcome to the big bad Internet.  Not everyone is nice.  It's a
> valuable lesson to learn.
>
> We can do all of the obfuscation we want in mod_mbox, but spambots
> *do* just subscribe to the lists.  (We see them in the subscriber
> lists.)  So, we can't obfuscate those addresses in the emails everyone
> receives.  -- justin

Justin. we *want* people to use our bug system and our mailing lists.

Some of the subscribers may not be as experienced as you. They are  
just after a certain level of comfort.

By obfuscating their email address on web pages and bug reports we  
give the comfort to them, and they in turn feel more comfortable  
posting.

It doesn't matter if we don't stop *all* bots, what is being asked  
for is the status quo.
The status quo on nearly all web-based products is to hide the email  
address.

and actually I think you could design the mailing list software *to*  
obfuscate personal
email addresses (similar to what gmane does).

It is just that the status quo isn't there yet for mailing lists.

--Ian
--
Ian Holsman
Ian_at_Holsman.NET
Never forget that you are unique, like everyone else.



Re: Email address on mail archive (fwd)

Posted by Paul Querna <ch...@force-elite.com>.
Justin Erenkrantz wrote:
> On 4/28/06, Joshua Slive <jo...@slive.ca> wrote:
>> As I said, I'd love to agree with you.  But why don't you try asking
>> 100 random subscribers to our users lists or 100 random bug submitters
>> whether they think it is obvious that their email address will be made
>> public.  A couple years ago, they might have agreed.  Now, I'd guess
>> the majority wouldn't think that is obvious at all.
> 
> Welcome to the big bad Internet.  Not everyone is nice.  It's a
> valuable lesson to learn.
> 
> We can do all of the obfuscation we want in mod_mbox, but spambots
> *do* just subscribe to the lists.  (We see them in the subscriber
> lists.)  So, we can't obfuscate those addresses in the emails everyone
> receives.  -- justin

That's why we should just use a web based forum!!!!

</sarcasm>


Re: Email address on mail archive (fwd)

Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
On 4/28/06, Joshua Slive <jo...@slive.ca> wrote:
> As I said, I'd love to agree with you.  But why don't you try asking
> 100 random subscribers to our users lists or 100 random bug submitters
> whether they think it is obvious that their email address will be made
> public.  A couple years ago, they might have agreed.  Now, I'd guess
> the majority wouldn't think that is obvious at all.

Welcome to the big bad Internet.  Not everyone is nice.  It's a
valuable lesson to learn.

We can do all of the obfuscation we want in mod_mbox, but spambots
*do* just subscribe to the lists.  (We see them in the subscriber
lists.)  So, we can't obfuscate those addresses in the emails everyone
receives.  -- justin

Re: Email address on mail archive (fwd)

Posted by Joshua Slive <jo...@slive.ca>.
On 4/28/06, Justin Erenkrantz <ju...@erenkrantz.com> wrote:
> On 4/27/06, Joshua Slive <jo...@slive.ca> wrote:
> > I know there are people who still hold the idealistic view that we
> > shouldn't be obscuring email addresses at all.  Although I agree in
> > principle, I think the world has passed that view by.
>
> I think that obfuscation is completely pointless.  You're posting to a
> *public* mailing list.  If you can't understand that, well, I just
> don't care about people who whine.  The *only* solution that is valid
> is to use anti-spam tools on your end.  I have no desire to get into a
> never-ending arms race with spammers.  We can't win that battle on
> those terms.  -- justin

As I said, I'd love to agree with you.  But why don't you try asking
100 random subscribers to our users lists or 100 random bug submitters
whether they think it is obvious that their email address will be made
public.  A couple years ago, they might have agreed.  Now, I'd guess
the majority wouldn't think that is obvious at all.

Joshua.

Re: Email address on mail archive (fwd)

Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
On 4/27/06, Joshua Slive <jo...@slive.ca> wrote:
> I know there are people who still hold the idealistic view that we
> shouldn't be obscuring email addresses at all.  Although I agree in
> principle, I think the world has passed that view by.

I think that obfuscation is completely pointless.  You're posting to a
*public* mailing list.  If you can't understand that, well, I just
don't care about people who whine.  The *only* solution that is valid
is to use anti-spam tools on your end.  I have no desire to get into a
never-ending arms race with spammers.  We can't win that battle on
those terms.  -- justin