|
Matt,
I just do the vastly overpriced analysis and
specification
here.
All the programming is done off-shore in our
solution
center in a brand new $250M custom
facility erected
in an impoverished rural state where the average
IQ
just happens to be 138.5, monthly wage of $10,
and
right underneath a geostationary satellite
communication
downlink.
DW
----- Original Message -----
Sent: Tuesday, April 13, 2004 12:44
PM
Subject: Re: [chairs] SPAM
Karl:
It sounds like DRRW is signing up to write the
code for you :-)
Problem solved.
-Matt
On Apr 13, 2004,
at 12:27 PM, David RR Webber wrote:
Karl,
What I was thinking is dumping a simple XML file
out with
email address + sequence number - and reading that
into
memory as a part of the archive generator - and drive
the
search/replace that way.
Simple thing to update that XML file when a
member joins
or changes email address by re-running that dump to
the
XML flatfile.
DW.
----- Original Message -----
From: "Karl
F. Best" <karl.best@oasis-open.org>
To:
"David RR Webber" <david@drrw.info>
Cc: "Eve L. Maler"
<Eve.Maler@Sun.COM>; <chairs@lists.oasis-open.org>
Sent:
Tuesday, April 13, 2004 12:20 PM
Subject: Re: [chairs] SPAM
David:
I like the idea. It would require a bit of extra
processing for each
message to match the sender with the Kavi database.
The big problem,
though, is that we don't have membership numbers; the
"key" or unique
identifier in the database is the email
address.
But this might have some merit anyway. We'll think about
what might be
possible.
-Karl
David RR Webber
wrote:
Karl,
Replacing the address with the OASIS #
satisfies your
requirement. It's basically impossible since there
is
no correlation.
The only way back is if you have the OASIS
membership
/ number xref list.
My guess is you could setup a
simple Java program or
XSLT script to do this replacement
stripping...
DW.
----- Original Message -----
From:
"Karl F. Best" <karl.best@oasis-open.org>
To: "Eve L. Maler"
<Eve.Maler@Sun.COM>
Cc:
<chairs@lists.oasis-open.org>
Sent: Tuesday, April 13, 2004
12:10 PM
Subject: Re: [chairs] SPAM
Yeah, we thought about something like that, i.e.
replacement of the
address with some sort of code. But in order to
be effective it must be
costly (i.e. impossible for a machine,
requires a human) to re-convert
large quantities of addresses, but
simple for a human to re-convert a
single address.
From the
first Slashdot example, at least, it would be simple for a
human to
look at the address and create a simple rule for how to
recreate
the original.
-Karl
p.s. <chuckle> the rotating
banner at the top of the Slashdot page when
I viewed it was an
O'Reilly ad for a book on creating spiders and
bots...
</>
Eve L. Maler wrote:
Why not just use a mechanistic, but variable, means of
disguising the
email address the way Slashdot does? An example
appears
here:
http://slashdot.org/comments.pl?sid=103884&cid=8848779
The
email link shows up
as:
mailto:heironymouscoward%40yah%5B%20%5Dcom%20%5B'oo.'%20in%20gap%5D
A
human can decode this as necessary, but a machine has a much
tougher
time. Here's
another:
http://slashdot.org/comments.pl?sid=103883&cid=8848358
The
email link shows up
as:
mailto:dgorman%40nosPaM.arete.cc
Etc. I believe
the engine behind Slashdot is open-source, so
maybe
that
(or part of it, anyway) can be used. Though I wonder
about its
effectiveness if a spammer can locate all the disguise
techniques in a
file somewhere...
Eve
Karl F. Best
wrote:
Chairs:
I'll open another can of worms and jump
into this :-)
I agree with you wholeheartedly, Duane, that
this is a problem. I'll
bet that I get more spam than you do
(few hundred a day). And I have
no doubt that all this is
because of spammers harvesting addresses
from our list
archives.
Of course a knee-jerk reaction would be to close
off the archives so
that nobody can get to them, but given that
the OASIS philosophy is
openness and accountability we need to
keep things open
and
accessible.
There seems to be two possible solutions: either
disguise the
addresses stored in the archives, or to somehow
block access so that
only a human can get through. (I don't
think that we want to go down
the path of an offensive strategy
such as what Duane suggests.)
Lacking a foolproof Turing
test to allow only human access to the
archives, I think the
best and easiest solution will probably be to
disguise the
email addresses attached to each message so that whatever
is
harvested in unusable by spammers. The disguise would have to
be
such that the harvester would not be able to accurately or
easily
recreate the address. Obviously substituting the word
"at" for the @
sign isn't going to fool anybody for very long.
But whatever we do may
not disguise the actual identity of the
sender; we need to know who
sent the message.
A final
question is whether it is necessary for a person to be able
to
respond to a message he found in the archives; i.e. does the
guy on
the street need to be able to figure out how to respond
to Duane when
he reads something thet Duane wrote? Perhaps this
requirement is not
so important, as TC members already know how
to respond to the TC
list, and the guy on the street is already
given instructions for
sending a comment to the TC.
If
the above is acceptable then perhaps I could suggest (and
please
note, this is just a strawman for discussion, not an
official OASIS
proposal) that we delete some portion of the
address after the @ sign.
We could delete all of it, leaving
just "duane@", for example, but
then we loose any idea about
what company Duane was at, whether Yellow
Dragon or Adobe (and
it may be important for IPR reasons to know). So
maybe we could
leave the first couple of characters after the @
sign,
resulting in "duane@ye" or "duane@ad". If we left three
characters
then we'd get "sun" and "ibm" etc. which would make
it possible to
reconstruct the address. But then again with
only two we would
get
"hp".
So, any comments on whether it should be a requirement
for a human to
still be able to figure out the email address?
And, if that's not a
requirement, what do you think of my above
suggestion?
-Karl
p.s. Duane, I hope you don't mind
me using you as the example
:-)
--
=================================================================
Karl
F. Best
Vice President, OASIS
office +1 978.667.5115 x206 mobile
+1 978.761.1648
karl.best@oasis-open.org
http://www.oasis-open.org
--
=================================================================
Karl
F. Best
Vice President, OASIS
office +1 978.667.5115 x206 mobile +1
978.761.1648
karl.best@oasis-open.org
http://www.oasis-open.org
___________________________
Matthew
MacKenzie
Senior
Architect
IDBU Server Solutions
Adobe Systems Canada
Inc.
http://www.adobe.com/products/server/
mattm@adobe.com
+1 (506)
871.5409
|