Re: [chairs] SPAM

[Duane Nickull <dnickull@adobe.com>]

The easiest way to obfuscate the email addresses, yet still allow humans 
to read them is the way I suggested.

duane[fdwrse]nickull.net (NOTE: to email this person, replace everything 
between the brackets with the "@" sign)

and vary the delimiter to confuse the bots.

Remember that the source for the HTMl cannot have

<a href="mailto:duane@nickull.net>duane[fdwrse]nickull.net</a>

since the bots will harvest the source with equal zeal.

Duane

Philpott, Robert wrote:

> Btw - it's not just the mail archives that list the chair's email 
> addresses - each TC's home page also includes the address of any 
> chairs and secretaries.  I suspect the major problem is the list 
> archives rather than the main TC pages, although thouse also are 
> harvested, I'm sure. Those on the main external page could be removed 
> since the "Send a Comment" button sends email to the chair(s).
>
>  
>
> I don't think that obfuscating necessarily would have to prevent 
> direct response messages.  I would guess that MOST folks that want to 
> respond to a message may have OASIS accounts but just aren't members 
> of a TC they've been browsing through. I don't know how hard it is to 
> do this, but perhaps the obfuscated name could be turned into a link 
> that displayed the person's contact info but required an OASIS login 
> to see it.  (If you are logged in, you can already look up a member's 
> contact info by viewing a TC's roster and clicking on the person's name.)
>
>  
>
> An OASIS non-member lurker can always send a note to the chairs (Send 
> a Comment button) who can pass it along to another member if needed.  
> Or, perhaps there could be a "Send a Comment" button on each page 
> displayed from the list archive that would send the message to the 
> person that posted the message, but without displaying their contact info.
>
>  
>
> Anyway, I think there could be some options without eliminating the 
> possibility of responding but yet still provides obfuscation.
>
>  
>
> Btw - I would like to use a separate email for public posting vs. 
> normal work, but our company doesn't allow it.
>
>  
>
> Rob Philpott
> Senior Consulting Engineer 
> RSA Security Inc.
> Tel: 781-515-7115
> Mobile: 617-510-0893
> Fax: 781-515-7020
> mailto:rphilpott@rsasecurity.com
>
> -----Original Message-----
> From: Rich Thompson [mailto:richt2@us.ibm.com]
> Sent: Tuesday, April 13, 2004 4:53 PM
> To: chairs@lists.oasis-open.org
> Subject: RE: [chairs] SPAM
>
>  
>
>
> The quantity of spam I receive jumped by an order of magnitude when I 
> became active on the OASIS email lists, but I also agree that it is 
> the wrong place to seek and fight spam. My spam filters now take out 
> around 90% so that I only have to deal with a few dozen spam emails a 
> day. I know of people who use a different email list for posting than 
> they do for lurking such that spammers pick up an unmonitored email 
> address. I'm sure there are other solutions as well, but losing the 
> ability to directly respond to someone would be a huge loss. I have 
> received multiple inquires over time that resulted from a lurker 
> forwarding a thread to a colleague who then directly emailed me.
>
> Rich Thompson
> OASIS WSRP TC Chair
> Interaction Middleware and Standards for Portal Server
> IBM T.J. Watson Research Center / Yorktown Heights, NY
> Phone: (914) 945-3225 / (203) 445-0384    email: richt2@us.ibm.com
>
> "Philpott, Robert" <rphilpott@rsasecurity.com>
>
> 04/13/2004 03:51 PM
>
> To
>
> "'Eduardo Gutentag'" <Eduardo.Gutentag@Sun.COM>, "'chairs@lists.oasis-open.org'" <chairs@lists.oasis-open.org>
>
> cc
>
>  
>
> Subject
>
> RE: [chairs] SPAM
>
>  
>
>  
>
>  
>
>
>
>
> I'll counter Eduardo's point a little bit.  I for one do know that my work
> email address being posted in the OASIS archives has directly resulted 
> in it
> being harvested and placed in the spam lists.
>
> But I use a decent client spam filter and it's not quite so bothersome any
> more.
>
> However, there is one point I want to make re: openness and spam.  I 
> know a
> number of individuals that absolutely will not post to the OASIS lists
> because once they do, their email address is likely to end up on the
> spammers lists.  So here is a case where the policy of not obfuscating or
> hiding email addresses hinders the openness we all desire.  We miss out on
> debate from those individuals who force themselves to just lurk.
>
> I personally don't care about this issue - as I said - I've got a decent
> spam filter.  But I thought I'd raise this other viewpoint.
>
> Now stand away from that fire Eduardo...
>
> Rob Philpott
> Senior Consulting Engineer
> RSA Security Inc.
> Tel: 781-515-7115
> Mobile: 617-510-0893
> Fax: 781-515-7020
> mailto:rphilpott@rsasecurity.com
>
>
>> -----Original Message-----
>> From: Eduardo Gutentag [mailto:Eduardo.Gutentag@Sun.COM]
>> Sent: Tuesday, April 13, 2004 2:50 PM
>> To: chairs@lists.oasis-open.org
>> Subject: Re: [chairs] SPAM
>>
>> All,
>>
>> I have to confess that I have watched with mounting alarm the turn this
>> discussion has
>> taken.
>>
>> I would like to make a couple of observations, at the risk of sounding
>> heretical and
>> ready to be tossed on the fire.
>>
>> My first cause for alarm has been the casual easiness with which the
>> openness of the
>> archives has been put aside. I believe that hiding the sender of archived
>> messages in
>> a manner that makes it almost impossible for most human beings to respond
>> to or contact the
>> sender easily does a disservice to the spirit of openness of OASIS 
> itself.
>> Openess has risks.
>> If we can't live with this we should neither belong to nor work in the
>> OASIS environment.
>> Spamming is one of the risks. Being responded to by someone one has never
>> met is another.
>> Or is that in fact an advantage rather than a risk? Sometimes it's a 
> pain.
>> Sometimes it's a real
>> pleasure. Are we going to deny this to ourselves just because some 
> receive
>> more spam than they know
>> how to deal with?
>>
>> Another cause for concern has been the fact that *no one* has argued that
>> OASIS is
>> the wrong point at which to fight the spam that individuals receive. 
> First
>> of all, there
>> is no evidence that the spam received by Duane (who started this thread)
>> can or should be
>> blamed on OASIS archives. It's anecdotal. It's unprovable. In my
>> particular anecdotal case
>> I don't believe I've experienced an increase in spam due to activities in
>> OASIS. 70% of the
>> spam directed at me goes to eduardo@eng.sun.com, which is an address I
>> have neither used
>> nor signed with for years and years. It nevertheless exists somewhere in
>> the Internet; I
>> don't know where and I don't care. I just filter it out and inspect every
>> so often. Because
>> that's one of the points at which one should fight spam: at the client
>> level. Get yourself
>> an intelligent, spam aware client or filtering mechanism and smile. Don't
>> mess with the
>> OASIS archives just because your IT department tells you you have to 
> use a
>> bad client. Don't
>> mess with the OASIS archives just because your IT department does not 
> know
>> how to filter spam.
>> The right points at which to fight spam are the client, the server, the
>> law and the email
>> standards, not the OASIS archives.
>>
>> Just like the only proven way of securing a computer from internet based
>> attacks is by unplugging it from the net, the only proven way of
>> protecting oneself from spam
>> is by not sending email: every time you send email to someone whose
>> computer could be
>> the victim of a virus, you run the risk of having your address forwarded
>> to a spammer. Are
>> you going to stop sending email because of that? Or are you instead going
>> to try to get the
>> right protection at the right level?
>>
>>
>> --
>> Eduardo Gutentag               |         e-mail: eduardo.gutentag@Sun.COM
>> Web Technologies and Standards |         Phone:  +1 510 550 4616 x31442
>> Sun Microsystems Inc.          |         W3C AC Rep / OASIS BoD
>

-- 
Senior Standards Strategist
Adobe Systems, Inc.
http://www.adobe.com