[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [chairs] SPAM
David: I like the idea. It would require a bit of extra processing for each message to match the sender with the Kavi database. The big problem, though, is that we don't have membership numbers; the "key" or unique identifier in the database is the email address. But this might have some merit anyway. We'll think about what might be possible. -Karl David RR Webber wrote: > Karl, > > Replacing the address with the OASIS # satisfies your > requirement. It's basically impossible since there is > no correlation. > > The only way back is if you have the OASIS membership > / number xref list. > > My guess is you could setup a simple Java program or > XSLT script to do this replacement stripping... > > DW. > > ----- Original Message ----- > From: "Karl F. Best" <karl.best@oasis-open.org> > To: "Eve L. Maler" <Eve.Maler@Sun.COM> > Cc: <chairs@lists.oasis-open.org> > Sent: Tuesday, April 13, 2004 12:10 PM > Subject: Re: [chairs] SPAM > > > >>Yeah, we thought about something like that, i.e. replacement of the >>address with some sort of code. But in order to be effective it must be >>costly (i.e. impossible for a machine, requires a human) to re-convert >>large quantities of addresses, but simple for a human to re-convert a >>single address. >> >> From the first Slashdot example, at least, it would be simple for a >>human to look at the address and create a simple rule for how to >>recreate the original. >> >>-Karl >> >>p.s. <chuckle> the rotating banner at the top of the Slashdot page when >>I viewed it was an O'Reilly ad for a book on creating spiders and >>bots... </> >> >> >> >> >>Eve L. Maler wrote: >> >>>Why not just use a mechanistic, but variable, means of disguising the >>>email address the way Slashdot does? An example appears here: >>> >>> http://slashdot.org/comments.pl?sid=103884&cid=8848779 >>> >>>The email link shows up as: >>> >>> mailto:heironymouscoward%40yah%5B%20%5Dcom%20%5B'oo.'%20in%20gap%5D >>> >>>A human can decode this as necessary, but a machine has a much tougher >>>time. Here's another: >>> >>> http://slashdot.org/comments.pl?sid=103883&cid=8848358 >>> >>>The email link shows up as: >>> >>> mailto:dgorman%40nosPaM.arete.cc >>> >>>Etc. I believe the engine behind Slashdot is open-source, so maybe that >>>(or part of it, anyway) can be used. Though I wonder about its >>>effectiveness if a spammer can locate all the disguise techniques in a >>>file somewhere... >>> >>> Eve >>> >>>Karl F. Best wrote: >>> >>> >>>>Chairs: >>>> >>>>I'll open another can of worms and jump into this :-) >>>> >>>>I agree with you wholeheartedly, Duane, that this is a problem. I'll >>>>bet that I get more spam than you do (few hundred a day). And I have >>>>no doubt that all this is because of spammers harvesting addresses >>>>from our list archives. >>>> >>>>Of course a knee-jerk reaction would be to close off the archives so >>>>that nobody can get to them, but given that the OASIS philosophy is >>>>openness and accountability we need to keep things open and accessible. >>>> >>>>There seems to be two possible solutions: either disguise the >>>>addresses stored in the archives, or to somehow block access so that >>>>only a human can get through. (I don't think that we want to go down >>>>the path of an offensive strategy such as what Duane suggests.) >>>> >>>>Lacking a foolproof Turing test to allow only human access to the >>>>archives, I think the best and easiest solution will probably be to >>>>disguise the email addresses attached to each message so that whatever >>>>is harvested in unusable by spammers. The disguise would have to be >>>>such that the harvester would not be able to accurately or easily >>>>recreate the address. Obviously substituting the word "at" for the @ >>>>sign isn't going to fool anybody for very long. But whatever we do may >>>>not disguise the actual identity of the sender; we need to know who >>>>sent the message. >>>> >>>>A final question is whether it is necessary for a person to be able to >>>>respond to a message he found in the archives; i.e. does the guy on >>>>the street need to be able to figure out how to respond to Duane when >>>>he reads something thet Duane wrote? Perhaps this requirement is not >>>>so important, as TC members already know how to respond to the TC >>>>list, and the guy on the street is already given instructions for >>>>sending a comment to the TC. >>>> >>>>If the above is acceptable then perhaps I could suggest (and please >>>>note, this is just a strawman for discussion, not an official OASIS >>>>proposal) that we delete some portion of the address after the @ sign. >>>>We could delete all of it, leaving just "duane@", for example, but >>>>then we loose any idea about what company Duane was at, whether Yellow >>>>Dragon or Adobe (and it may be important for IPR reasons to know). So >>>>maybe we could leave the first couple of characters after the @ sign, >>>>resulting in "duane@ye" or "duane@ad". If we left three characters >>>>then we'd get "sun" and "ibm" etc. which would make it possible to >>>>reconstruct the address. But then again with only two we would get >>> > "hp". > >>>>So, any comments on whether it should be a requirement for a human to >>>>still be able to figure out the email address? And, if that's not a >>>>requirement, what do you think of my above suggestion? >>>> >>>>-Karl >>>> >>>>p.s. Duane, I hope you don't mind me using you as the example :-) >>> >> >>-- >>================================================================= >>Karl F. Best >>Vice President, OASIS >>office +1 978.667.5115 x206 mobile +1 978.761.1648 >>karl.best@oasis-open.org http://www.oasis-open.org >> >> > > > > -- ================================================================= Karl F. Best Vice President, OASIS office +1 978.667.5115 x206 mobile +1 978.761.1648 karl.best@oasis-open.org http://www.oasis-open.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]