[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [chairs] SPAM
+1, with extreme prejudice -----Original Message----- From: Duane Nickull [mailto:dnickull@adobe.com] Sent: Monday, April 12, 2004 1:35 PM To: karl.best@oasis-open.org Cc: chairs@lists.oasis-open.org Subject: [chairs] SPAM I an getting ruthlessly spammed and every day it increases. After careful analysis, I have deduced that my email address is most often harvested from OASIS list archives. I would favor setting up a system that makes it harder for spammers to harvest email addresses from this list by confusing the heuristic filters. Others have done something like this to fight it dnickull(at)adobe.com - replace the (at) with the "@" sign to email. but this is too easy to program around. I couldn't sleep last night and came up with a more devious plot to foil the spammers. What if we adopted both a defensive and offensive strategy? First of all, if we defensively replaced all the email archives email addresses with something that confused the spam harvesters like "dnickull" + [some_randomness_here] + domainname + {something else to hide the domain suffix - .com, .org, .gov} that would potentially cut down email addresses getting harvested. Second, as an offensive weapon, make some dynamic pages that either detect patterns in the log files of a bot looking for email addresses (such as a repeated get() for more than 10 archive pages within a certain timeframe) and it would generate hundreds of email addresses that are invisible to the human eye, but would be based on the URL the get originated from. For example, if I send a request to get the get() the archives for OASIS from IP address 216.154.143.253, the page would generate 100's of hidden email addresses, all @216.154.143.253. The IP address is a readily available environmental variable within an HTTP request scenario. To the casual observer, there would be no difference in the page display but to a spam email harvester, this would add 100's (perhaps 1,000's) of emails that would end up with the spam harvester being the victim of a their own spam. This could be both funny and help solve the problem. This would also not be to hard IMO to implement. Thoughts? Duane -- Senior Standards Strategist Adobe Systems, Inc. http://www.adobe.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]