Re: Poll: Should mhonarc.org mail archives hide mail addresses

[Chuq Von Rospach <chuqui@xxxxxxxxxxxxxx>]

On Jan 1, 2004, at 1:15 PM, Williams, Travis L, NEO wrote:

> Yes,
> 	Some method should be provided to obfuscate an address.. I'm not
> sure how smart the harvesters are but maybe a couple of different
> methods should be done in a round robin fashion so they can't just 
> say..

anything you can programmatically obfuscate they can (and are) 
programmatically de-obfuscating. Slashdot tried that, and it failed 
miserably. Took the spammers about a week to deal with it.

Answer: no email address should be visible to an unauthenticated user. 
Period. What might have been okay five years ago isn't any more. A 
public, unprotected archive hands your users email addresses to google, 
who hands them to the spammers.

Now, should MHonarc do this? depends on your strategy. My strategy is 
to output all archives through a web tool that strips data on the fly, 
so that authenticated users can get the full info while still 
protecting data from guest access. Since I expect the data that will 
need to be protected will change over time, I want that protecting in 
the output tool, not the archiving tool -- so I can change it on the 
fly without having to go back and rebuild the archives.

Other things that need to be protected: social security (or other 
national ID) numbers and phone numbers. neither should be distributed 
to non-authenticated (I.e: I know who you are) users. And we shouldn't 
assume either of those are US centric, of course.

But if you don't strip email addresses from open archives, you've 
handed them to the spammers. That is not, I don't believe, what your 
users expected when they subscribed to your mail list.

chuq
(I worry about stuff like this for a living...)