RE: [chairs] SPAM

[Christopher B Ferris <chrisfer@us.ibm.com>]

+1

I suggest that we at least adopt some form of obfuscation that makes it 
more
difficult for spammers to harvest email addresses. This is pretty common 
practice
and despite what Eduardo suggests, does not make the OASIS archives or 
process
any less open, IMO.

Cheers,

Christopher Ferris
STSM, Emerging e-business Industry Architecture
email: chrisfer@us.ibm.com
blog: http://webpages.charter.net/chrisfer/blog.html
phone: +1 508 377 9295

"Philpott, Robert" <rphilpott@rsasecurity.com> wrote on 04/13/2004 
03:51:54 PM:

> I'll counter Eduardo's point a little bit.  I for one do know that my 
work
> email address being posted in the OASIS archives has directly resulted 
in it
> being harvested and placed in the spam lists.
> 
> But I use a decent client spam filter and it's not quite so bothersome 
any
> more.
> 
> However, there is one point I want to make re: openness and spam.  I 
know a
> number of individuals that absolutely will not post to the OASIS lists
> because once they do, their email address is likely to end up on the
> spammers lists.  So here is a case where the policy of not obfuscating 
or
> hiding email addresses hinders the openness we all desire.  We miss out 
on
> debate from those individuals who force themselves to just lurk.
> 
> I personally don't care about this issue - as I said - I've got a decent
> spam filter.  But I thought I'd raise this other viewpoint.
> 
> Now stand away from that fire Eduardo...
> 
> Rob Philpott
> Senior Consulting Engineer 
> RSA Security Inc. 
> Tel: 781-515-7115 
> Mobile: 617-510-0893 
> Fax: 781-515-7020 
> mailto:rphilpott@rsasecurity.com 
> 
> 
> > -----Original Message-----
> > From: Eduardo Gutentag [mailto:Eduardo.Gutentag@Sun.COM]
> > Sent: Tuesday, April 13, 2004 2:50 PM
> > To: chairs@lists.oasis-open.org
> > Subject: Re: [chairs] SPAM
> > 
> > All,
> > 
> > I have to confess that I have watched with mounting alarm the turn 
this
> > discussion has
> > taken.
> > 
> > I would like to make a couple of observations, at the risk of sounding
> > heretical and
> > ready to be tossed on the fire.
> > 
> > My first cause for alarm has been the casual easiness with which the
> > openness of the
> > archives has been put aside. I believe that hiding the sender of 
archived
> > messages in
> > a manner that makes it almost impossible for most human beings to 
respond
> > to or contact the
> > sender easily does a disservice to the spirit of openness of OASIS 
itself.
> > Openess has risks.
> > If we can't live with this we should neither belong to nor work in the
> > OASIS environment.
> > Spamming is one of the risks. Being responded to by someone one has 
never
> > met is another.
> > Or is that in fact an advantage rather than a risk? Sometimes it's a 
pain.
> > Sometimes it's a real
> > pleasure. Are we going to deny this to ourselves just because some 
receive
> > more spam than they know
> > how to deal with?
> > 
> > Another cause for concern has been the fact that *no one* has argued 
that
> > OASIS is
> > the wrong point at which to fight the spam that individuals receive. 
First
> > of all, there
> > is no evidence that the spam received by Duane (who started this 
thread)
> > can or should be
> > blamed on OASIS archives. It's anecdotal. It's unprovable. In my
> > particular anecdotal case
> > I don't believe I've experienced an increase in spam due to activities 
in
> > OASIS. 70% of the
> > spam directed at me goes to eduardo@eng.sun.com, which is an address I
> > have neither used
> > nor signed with for years and years. It nevertheless exists somewhere 
in
> > the Internet; I
> > don't know where and I don't care. I just filter it out and inspect 
every
> > so often. Because
> > that's one of the points at which one should fight spam: at the client
> > level. Get yourself
> > an intelligent, spam aware client or filtering mechanism and smile. 
Don't
> > mess with the
> > OASIS archives just because your IT department tells you you have to 
use a
> > bad client. Don't
> > mess with the OASIS archives just because your IT department does not 
know
> > how to filter spam.
> > The right points at which to fight spam are the client, the server, 
the
> > law and the email
> > standards, not the OASIS archives.
> > 
> > Just like the only proven way of securing a computer from internet 
based
> > attacks is by unplugging it from the net, the only proven way of
> > protecting oneself from spam
> > is by not sending email: every time you send email to someone whose
> > computer could be
> > the victim of a virus, you run the risk of having your address 
forwarded
> > to a spammer. Are
> > you going to stop sending email because of that? Or are you instead 
going
> > to try to get the
> > right protection at the right level?
> > 
> > 
> > --
> > Eduardo Gutentag               |         e-mail: 
eduardo.gutentag@Sun.COM
> > Web Technologies and Standards |         Phone:  +1 510 550 4616 
x31442
> > Sun Microsystems Inc.          |         W3C AC Rep / OASIS BoD