OASIS Mailing List Archives

chairs message



Subject: [no subject]


human to look at the address and create a simple rule for how to recreate the original.

-Karl

p.s. <chuckle> the rotating banner at the top of the Slashdot page when I viewed it was an O'Reilly ad for a book on creating spiders and bots... </>





Eve L. Maler wrote:

Why not just use a mechanistic, but variable, means of disguising the email address the way Slashdot does?  An example appears here:

 http://slashdot.org/comments.pl?sid=103884&cid=8848779

The email link shows up as:

 mailto:heironymouscoward%40yah%5B%20%5Dcom%20%5B'oo.'%20in%20gap%5D

A human can decode this as necessary, but a machine has a much tougher time.  Here's another:

 http://slashdot.org/comments.pl?sid=103883&cid=8848358

The email link shows up as:

 mailto:dgorman%40nosPaM.arete.cc

Etc.  I believe the engine behind Slashdot is open-source, so maybe that (or part of it, anyway) can be used.  Though I wonder about its effectiveness if a spammer can locate all the disguise techniques in a file somewhere...

   Eve


Karl F. Best wrote:

Chairs:

I'll open another can of worms and jump into this :-)

I agree with you wholeheartedly, Duane, that this is a problem. I'll bet that I get more spam than you do (few hundred a day). And I have no doubt that all this is because of spammers harvesting addresses from our list archives.

Of course a knee-jerk reaction would be to close off the archives so that nobody can get to them, but given that the OASIS philosophy is openness and accountability we need to keep things open and accessible.

There seem to be two possible solutions: either disguise the addresses stored in the archives, or somehow block access so that only a human can get through. (I don't think that we want to go down the path of an offensive strategy such as what Duane suggests.)

Lacking a foolproof Turing test to allow only human access to the archives, I think the best and easiest solution will probably be to disguise the email addresses attached to each message so that whatever is harvested is unusable by spammers. The disguise would have to be such that the harvester would not be able to accurately or easily recreate the address. Obviously substituting the word "at" for the @ sign isn't going to fool anybody for very long. But whatever we do may not disguise the actual identity of the sender; we need to know who sent the message.

A final question is whether it is necessary for a person to be able to respond to a message he found in the archives; i.e. does the guy on the street need to be able to figure out how to respond to Duane when he reads something that Duane wrote? Perhaps this requirement is not so important, as TC members already know how to respond to the TC list, and the guy on the street is already given instructions for sending a comment to the TC.

If the above is acceptable then perhaps I could suggest (and please note, this is just a strawman for discussion, not an official OASIS proposal) that we delete some portion of the address after the @ sign. We could delete all of it, leaving just "duane@", for example, but then we lose any idea about what company Duane was at, whether Yellow Dragon or Adobe (and it may be important for IPR reasons to know). So maybe we could leave the first couple of characters after the @ sign, resulting in "duane@ye" or "duane@ad". If we left three characters then we'd get "sun" and "ibm" etc. which would make it possible to reconstruct the address. But then again with only two we would get "hp".

So, any comments on whether it should be a requirement for a human to still be able to figure out the email address? And, if that's not a requirement, what do you think of my above suggestion?

-Karl

p.s. Duane, I hope you don't mind me using you as the example :-)

-- 
=================================================================
Karl F. Best
Vice President, OASIS
office  +1 978.667.5115 x206     mobile +1 978.761.1648
karl.best@oasis-open.org      http://www.oasis-open.org



___________________________
Matthew MacKenzie
Senior Architect
IDBU Server Solutions
Adobe Systems Canada Inc.
http://www.adobe.com/products/server/
mattm@adobe.com
+1 (506) 871.5409
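
The strawman quoted above (keep only the first couple of characters after the @ sign), sketched as an added example that is not part of the original thread or of any OASIS archive software. The function names, the loose address pattern and the `.example` sample addresses are constructed for illustration; the code also flags addresses whose organisation label is short enough to survive the cut, which is the "sun" / "ibm" / "hp" case raised in the message.

```python
import re

# Loose pattern for addresses as they appear in archived text
# (an assumption for this sketch, not a full RFC 5322 parser).
ADDRESS = re.compile(
    r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\b"
)

def mask_address(address, keep=2):
    """Keep the local part and the first `keep` characters after the @."""
    local, _, domain = address.partition("@")
    return f"{local}@{domain[:keep]}"

def leaks_label(address, keep=2):
    """True when the kept characters cover the whole first domain label,
    e.g. 'hp' with keep=2, or 'sun' and 'ibm' with keep=3."""
    domain = address.partition("@")[2]
    return len(domain.split(".")[0]) <= keep

def mask_archive_text(text, keep=2):
    """Mask every address in `text`.

    Returns (masked_text, exposed), where `exposed` lists the original
    addresses whose organisation label is still fully visible afterwards.
    """
    exposed = []

    def replace(match):
        address = match.group(0)
        if leaks_label(address, keep):
            exposed.append(address)
        return mask_address(address, keep)

    return ADDRESS.sub(replace, text), exposed

# Constructed sample header lines; the addresses are not real.
SAMPLE = (
    "From: duane@adobe.example\n"
    "Cc: alice@sun.example, carol@hp.example\n"
)

if __name__ == "__main__":
    for keep in (2, 3):
        masked, exposed = mask_archive_text(SAMPLE, keep)
        print(f"keep={keep}\n{masked}still identifiable: {exposed}\n")
```

An archive filter built this way could fall back to a shorter prefix, or to dropping the domain entirely, for any address reported in `exposed`.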

