Subject: Re: [chairs] SPAM
Why not just use a mechanistic, but variable, means of disguising the email address the way Slashdot does? An example appears here:

http://slashdot.org/comments.pl?sid=103884&cid=8848779

The email link shows up as:

mailto:heironymouscoward%40yah%5B%20%5Dcom%20%5B'oo.'%20in%20gap%5D

A human can decode this as necessary, but a machine has a much tougher time. Here's another:

http://slashdot.org/comments.pl?sid=103883&cid=8848358

The email link shows up as:

mailto:dgorman%40nosPaM.arete.cc

Etc. I believe the engine behind Slashdot is open-source, so maybe that (or part of it, anyway) can be used. Though I wonder about its effectiveness if a spammer can locate all the disguise techniques in a file somewhere...

Eve

Karl F. Best wrote:
> Chairs:
>
> I'll open another can of worms and jump into this :-)
>
> I agree with you wholeheartedly, Duane, that this is a problem. I'll bet
> that I get more spam than you do (few hundred a day). And I have no
> doubt that all this is because of spammers harvesting addresses from our
> list archives.
>
> Of course a knee-jerk reaction would be to close off the archives so
> that nobody can get to them, but given that the OASIS philosophy is
> openness and accountability we need to keep things open and accessible.
>
> There seem to be two possible solutions: either disguise the addresses
> stored in the archives, or to somehow block access so that only a human
> can get through. (I don't think that we want to go down the path of an
> offensive strategy such as what Duane suggests.)
>
> Lacking a foolproof Turing test to allow only human access to the
> archives, I think the best and easiest solution will probably be to
> disguise the email addresses attached to each message so that whatever
> is harvested is unusable by spammers. The disguise would have to be such
> that the harvester would not be able to accurately or easily recreate
> the address. Obviously substituting the word "at" for the @ sign isn't
> going to fool anybody for very long. But whatever we do may not disguise
> the actual identity of the sender; we need to know who sent the message.
>
> A final question is whether it is necessary for a person to be able to
> respond to a message he found in the archives; i.e. does the guy on the
> street need to be able to figure out how to respond to Duane when he
> reads something that Duane wrote? Perhaps this requirement is not so
> important, as TC members already know how to respond to the TC list, and
> the guy on the street is already given instructions for sending a
> comment to the TC.
>
> If the above is acceptable then perhaps I could suggest (and please
> note, this is just a strawman for discussion, not an official OASIS
> proposal) that we delete some portion of the address after the @ sign.
> We could delete all of it, leaving just "duane@", for example, but then
> we lose any idea about what company Duane was at, whether Yellow Dragon
> or Adobe (and it may be important for IPR reasons to know). So maybe we
> could leave the first couple of characters after the @ sign, resulting
> in "duane@ye" or "duane@ad". If we left three characters then we'd get
> "sun" and "ibm" etc. which would make it possible to reconstruct the
> address. But then again with only two we would get "hp".
>
> So, any comments on whether it should be a requirement for a human to
> still be able to figure out the email address? And, if that's not a
> requirement, what do you think of my above suggestion?
>
> -Karl
>
> p.s. Duane, I hope you don't mind me using you as the example :-)

--
Eve Maler                                    +1 781 442 3190
Sun Microsystems                        cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com
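
Added example, not part of the original thread and not OASIS or Slashdot code: a Python sketch of the truncation strawman quoted above, which also reports the addresses whose organisation name survives truncation (the "hp" / "sun" / "ibm" problem). The function names, the simplified address regex, and the sample header text with `.example` domains are assumptions constructed for illustration.

```python
import re

# Simplified address matcher for archive text (assumption: not full RFC 5322).
ADDRESS = re.compile(
    r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)"
)

def first_label(address):
    """Return the first domain label, e.g. 'sun' for 'bob@sun.example'."""
    return address.split("@", 1)[1].split(".", 1)[0]

def truncate_address(address, keep=2):
    """Keep the local part plus at most `keep` characters of the first
    domain label; everything else after the @ is dropped."""
    local = address.split("@", 1)[0]
    return f"{local}@{first_label(address)[:keep]}"

def leaks_organisation(address, keep=2):
    """True when the kept characters cover the whole first label, so the
    organisation name is still readable after truncation."""
    return len(first_label(address)) <= keep

def redact_archive_text(text, keep=2):
    """Truncate every address in `text`. Returns (redacted_text, leaked),
    where `leaked` lists original addresses the truncation fails to hide."""
    leaked = []

    def _sub(match):
        address = match.group(0)
        if leaks_organisation(address, keep):
            leaked.append(address)
        return truncate_address(address, keep)

    return ADDRESS.sub(_sub, text), leaked

# Constructed sample headers; the domains are placeholders.
SAMPLE = "From: duane@yellowdragon.example\nCc: alice@hp.example, bob@sun.example"

if __name__ == "__main__":
    for keep in (2, 3):
        redacted, leaked = redact_archive_text(SAMPLE, keep)
        print(f"keep={keep}\n{redacted}\nstill identifiable: {leaked}\n")
```

Running the check over a real archive before choosing `keep` shows how many senders a given truncation length leaves identifiable.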