OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

chairs message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [chairs] SPAM


I am not convinced that this is "the wrong place to fight spam". I happen to believe that spam filters at the end of the line is "the wrong place", because it does nothing to reduce the load on all the intermediate nodes.
 
I'd suggest that we could adopt a relatively simple approach that would reduce the amount of spam, without losing the (dubious, IMHO) advantage of people being able to respond individually.
 
We could simply blank out the "@" character - a human can look at the string "chairs lists.oasis-open.org" or "richt2 us.ibm.com" and guess where the @ character should be - much harder for a program, because we've removed the very character it's looking for. Sure, a purpose-built harvester might work this out (keying off ".com", probably), but the simpler ones would fail, and that would reduce the amount of spam, which is not a bad thing. If we wanted to get fancier, we could blank the "." as well, and then an e-mail address would be quite difficult to distinguish from regular text.
 
Tony Rogers
tony.rogers ca.com    :-)
-----Original Message-----
From: Rich Thompson [mailto:richt2@us.ibm.com]
Sent: Wed 14-Apr-04 6:52
To: chairs@lists.oasis-open.org
Cc:
Subject: RE: [chairs] SPAM


The quantity of spam I receive jumped by an order of magnitude when I became active on the OASIS email lists, but I also agree that it is the wrong place to seek and fight spam. My spam filters now take out around 90% so that I only have to deal with a few dozen spam emails a day. I know of people who use a different email list for posting than they do for lurking such that spammers pick up an unmonitored email address. I'm sure there are other solutions as well, but losing the ability to directly respond to someone would be a huge loss. I have received multiple inquires over time that resulted from a lurker forwarding a thread to a colleague who then directly emailed me.

Rich Thompson
OASIS WSRP TC Chair
Interaction Middleware and Standards for Portal Server
IBM T.J. Watson Research Center / Yorktown Heights, NY
Phone: (914) 945-3225 / (203) 445-0384    email: richt2@us.ibm.com



"Philpott, Robert" <rphilpott@rsasecurity.com>

04/13/2004 03:51 PM

To
"'Eduardo Gutentag'" <Eduardo.Gutentag@Sun.COM>, "'chairs@lists.oasis-open.org'" <chairs@lists.oasis-open.org>
cc
Subject
RE: [chairs] SPAM





I'll counter Eduardo's point a little bit.  I for one do know that my work
email address being posted in the OASIS archives has directly resulted in it
being harvested and placed in the spam lists.

But I use a decent client spam filter and it's not quite so bothersome any
more.

However, there is one point I want to make re: openness and spam.  I know a
number of individuals that absolutely will not post to the OASIS lists
because once they do, their email address is likely to end up on the
spammers lists.  So here is a case where the policy of not obfuscating or
hiding email addresses hinders the openness we all desire.  We miss out on
debate from those individuals who force themselves to just lurk.

I personally don't care about this issue - as I said - I've got a decent
spam filter.  But I thought I'd raise this other viewpoint.

Now stand away from that fire Eduardo...

Rob Philpott
Senior Consulting Engineer
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com


> -----Original Message-----
> From: Eduardo Gutentag [mailto:Eduardo.Gutentag@Sun.COM]
> Sent: Tuesday, April 13, 2004 2:50 PM
> To: chairs@lists.oasis-open.org
> Subject: Re: [chairs] SPAM
>
> All,
>
> I have to confess that I have watched with mounting alarm the turn this
> discussion has
> taken.
>
> I would like to make a couple of observations, at the risk of sounding
> heretical and
> ready to be tossed on the fire.
>
> My first cause for alarm has been the casual easiness with which the
> openness of the
> archives has been put aside. I believe that hiding the sender of archived
> messages in
> a manner that makes it almost impossible for most human beings to respond
> to or contact the
> sender easily does a disservice to the spirit of openness of OASIS itself.
> Openess has risks.
> If we can't live with this we should neither belong to nor work in the
> OASIS environment.
> Spamming is one of the risks. Being responded to by someone one has never
> met is another.
> Or is that in fact an advantage rather than a risk? Sometimes it's a pain.
> Sometimes it's a real
> pleasure. Are we going to deny this to ourselves just because some receive
> more spam than they know
> how to deal with?
>
> Another cause for concern has been the fact that *no one* has argued that
> OASIS is
> the wrong point at which to fight the spam that individuals receive. First
> of all, there
> is no evidence that the spam received by Duane (who started this thread)
> can or should be
> blamed on OASIS archives. It's anecdotal. It's unprovable. In my
> particular anecdotal case
> I don't believe I've experienced an increase in spam due to activities in
> OASIS. 70% of the
> spam directed at me goes to eduardo@eng.sun.com, which is an address I
> have neither used
> nor signed with for years and years. It nevertheless exists somewhere in
> the Internet; I
> don't know where and I don't care. I just filter it out and inspect every
> so often. Because
> that's one of the points at which one should fight spam: at the client
> level. Get yourself
> an intelligent, spam aware client or filtering mechanism and smile. Don't
> mess with the
> OASIS archives just because your IT department tells you you have to use a
> bad client. Don't
> mess with the OASIS archives just because your IT department does not know
> how to filter spam.
> The right points at which to fight spam are the client, the server, the
> law and the email
> standards, not the OASIS archives.
>
> Just like the only proven way of securing a computer from internet based
> attacks is by unplugging it from the net, the only proven way of
> protecting oneself from spam
> is by not sending email: every time you send email to someone whose
> computer could be
> the victim of a virus, you run the risk of having your address forwarded
> to a spammer. Are
> you going to stop sending email because of that? Or are you instead going
> to try to get the
> right protection at the right level?
>
>
> --
> Eduardo Gutentag               |         e-mail: eduardo.gutentag@Sun.COM
> Web Technologies and Standards |         Phone:  +1 510 550 4616 x31442
> Sun Microsystems Inc.          |         W3C AC Rep / OASIS BoD



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]