Re: IETF facilitated SPAM was Re: [External] Re: How do we feel about conferences scraping addresses from the IETF?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jun 07, 2023 at 01:30:10PM +0200, Alessandro Vesely wrote:
> No, they're not.  While attempts that bother legitimate users are to be
> avoided, some obfuscation techniques are worth their salt.  They impede the
> most naive and unfit spammers only.  That is, they select a minimal
> technical level, thereby reducing the order of magnitude of spam attempts.

Actually: no.

You've overlooked something that's common knowledge: address lists (and
databases, see link below) of all sizes -- some of them enormous -- are
for sale, many of them cheaply.  The naive/unfit spammers you posit *are*
naive/unfit and they're not going to bother collecting addresses via any
means, simple or sophisticated: they're just going to buy lists/databases
of them from people who are most definitely NOT novices, and *those*
people aren't going to be defeated or even slowed down by futile and
pointless attempts at obfuscation.

It's not that obfuscation et.al. don't work.  They've NEVER worked.
They're the equivalent of Wile E. Coyote holding an umbrella over his
head while a 20-ton rock is dropping toward him -- and they're just as
ludicrously ineffective.

I just revised a writeup from a few years back to discuss this in
some depth.  It probably still has some typos in it, but here's a very
high-level, introductory (and thus woefully incomplete) discussion
explaining how spammers collect address and why obfuscation will have
no measurable effect on it:

	Email address obfuscation is security theater
	https://www.mailsystemdefense.com/how-spammers-get-addresses.html

The TL;DR version of that specifically relevant to the IETF is: the sum
total of all IETF mailing lists, data trackers, and other assets is a
negligible blip when measured against the totality of these databases.
So even if someone could wave a magic wand and make all collection via
those stop (and even better, destroy all data that's been previously
collected from those no matter where it now resides) it would be very
unlikely to make a measurable difference -- even to IETF participants.

---rsk
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux