OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

chairs message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SPAM

I an getting ruthlessly spammed and every day it increases.

After careful analysis, I have deduced that my email address is most 
often harvested from OASIS list archives.
I would favor setting up a system that makes it harder for spammers to 
harvest email addresses from this list by confusing the heuristic filters.

Others have done something like this to fight it

dnickull(at)adobe.com - replace the (at) with the "@" sign to email.

but this is too easy to program around.

I couldn't sleep last night and came up with a more devious plot to foil 
the spammers.  What if we adopted both a defensive and offensive 
strategy?  First of all, if we defensively replaced all the email 
archives email addresses with something that confused the spam 
harvesters like

"dnickull" + [some_randomness_here] + domainname + {something else to 
hide the domain suffix - .com, .org, .gov}

that would potentially cut down email addresses getting harvested.

Second, as an offensive weapon, make some dynamic pages that either 
detect patterns in the log files of a bot looking for email addresses 
(such as a repeated get() for more than 10 archive pages within a 
certain timeframe) and it would generate hundreds of email addresses 
that are invisible to the human eye, but would be based on the URL the 
get originated from.  

For example, if I send a request to get the get() the archives for OASIS 
from IP address 216.154.143.253, the page would generate 100's of hidden 
email addresses, all   @216.154.143.253.  The IP address is a readily 
available environmental variable within an HTTP request scenario.

To the casual observer, there would be no difference in the page display 
but to a spam email harvester, this would add 100's (perhaps 1,000's) of 
emails that would end up with the spam harvester being the victim of a 
their own spam.

This could be both funny and help solve the problem.  This would also 
not be to hard IMO to implement.

Thoughts?

Duane

-- 
Senior Standards Strategist
Adobe Systems, Inc.
http://www.adobe.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]