[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Poll: Should mhonarc.org mail archives hide mail addresses

On Jan 1, 2004, at 1:15 PM, Williams, Travis L, NEO wrote:

Some method should be provided to obfuscate an address.. I'm not
sure how smart the harvesters are but maybe a couple of different
methods should be done in a round robin fashion so they can't just say..

anything you can programmatically obfuscate they can (and are) programmatically de-obfuscating. Slashdot tried that, and it failed miserably. Took the spammers about a week to deal with it.

Answer: no email address should be visible to an unauthenticated user. Period. What might have been okay five years ago isn't any more. A public, unprotected archive hands your users email addresses to google, who hands them to the spammers.

Now, should MHonarc do this? depends on your strategy. My strategy is to output all archives through a web tool that strips data on the fly, so that authenticated users can get the full info while still protecting data from guest access. Since I expect the data that will need to be protected will change over time, I want that protecting in the output tool, not the archiving tool -- so I can change it on the fly without having to go back and rebuild the archives.

Other things that need to be protected: social security (or other national ID) numbers and phone numbers. neither should be distributed to non-authenticated (I.e: I know who you are) users. And we shouldn't assume either of those are US centric, of course.

But if you don't strip email addresses from open archives, you've handed them to the spammers. That is not, I don't believe, what your users expected when they subscribed to your mail list.

(I worry about stuff like this for a living...)

[Index of Archives]     [Bugtraq]     [Yosemite News]     [Mhonarc Home]