RE: [chairs] SPAM

["Philpott, Robert" <rphilpott@rsasecurity.com>]

I'll counter Eduardo's point a little bit.  I for one do know that my work
email address being posted in the OASIS archives has directly resulted in it
being harvested and placed in the spam lists.

But I use a decent client spam filter and it's not quite so bothersome any
more.

However, there is one point I want to make re: openness and spam.  I know a
number of individuals that absolutely will not post to the OASIS lists
because once they do, their email address is likely to end up on the
spammers lists.  So here is a case where the policy of not obfuscating or
hiding email addresses hinders the openness we all desire.  We miss out on
debate from those individuals who force themselves to just lurk.

I personally don't care about this issue - as I said - I've got a decent
spam filter.  But I thought I'd raise this other viewpoint.

Now stand away from that fire Eduardo...

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc. 
Tel: 781-515-7115 
Mobile: 617-510-0893 
Fax: 781-515-7020 
mailto:rphilpott@rsasecurity.com 


> -----Original Message-----
> From: Eduardo Gutentag [mailto:Eduardo.Gutentag@Sun.COM]
> Sent: Tuesday, April 13, 2004 2:50 PM
> To: chairs@lists.oasis-open.org
> Subject: Re: [chairs] SPAM
> 
> All,
> 
> I have to confess that I have watched with mounting alarm the turn this
> discussion has
> taken.
> 
> I would like to make a couple of observations, at the risk of sounding
> heretical and
> ready to be tossed on the fire.
> 
> My first cause for alarm has been the casual easiness with which the
> openness of the
> archives has been put aside. I believe that hiding the sender of archived
> messages in
> a manner that makes it almost impossible for most human beings to respond
> to or contact the
> sender easily does a disservice to the spirit of openness of OASIS itself.
> Openess has risks.
> If we can't live with this we should neither belong to nor work in the
> OASIS environment.
> Spamming is one of the risks. Being responded to by someone one has never
> met is another.
> Or is that in fact an advantage rather than a risk? Sometimes it's a pain.
> Sometimes it's a real
> pleasure. Are we going to deny this to ourselves just because some receive
> more spam than they know
> how to deal with?
> 
> Another cause for concern has been the fact that *no one* has argued that
> OASIS is
> the wrong point at which to fight the spam that individuals receive. First
> of all, there
> is no evidence that the spam received by Duane (who started this thread)
> can or should be
> blamed on OASIS archives. It's anecdotal. It's unprovable. In my
> particular anecdotal case
> I don't believe I've experienced an increase in spam due to activities in
> OASIS. 70% of the
> spam directed at me goes to eduardo@eng.sun.com, which is an address I
> have neither used
> nor signed with for years and years. It nevertheless exists somewhere in
> the Internet; I
> don't know where and I don't care. I just filter it out and inspect every
> so often. Because
> that's one of the points at which one should fight spam: at the client
> level. Get yourself
> an intelligent, spam aware client or filtering mechanism and smile. Don't
> mess with the
> OASIS archives just because your IT department tells you you have to use a
> bad client. Don't
> mess with the OASIS archives just because your IT department does not know
> how to filter spam.
> The right points at which to fight spam are the client, the server, the
> law and the email
> standards, not the OASIS archives.
> 
> Just like the only proven way of securing a computer from internet based
> attacks is by unplugging it from the net, the only proven way of
> protecting oneself from spam
> is by not sending email: every time you send email to someone whose
> computer could be
> the victim of a virus, you run the risk of having your address forwarded
> to a spammer. Are
> you going to stop sending email because of that? Or are you instead going
> to try to get the
> right protection at the right level?
> 
> 
> --
> Eduardo Gutentag               |         e-mail: eduardo.gutentag@Sun.COM
> Web Technologies and Standards |         Phone:  +1 510 550 4616 x31442
> Sun Microsystems Inc.          |         W3C AC Rep / OASIS BoD