I am not convinced that this is "the wrong place to fight spam". I happen
to believe that spam filters at the end of the line is "the wrong place",
because it does nothing to reduce the load on all the intermediate nodes.
I'd suggest that we could adopt a relatively simple approach that would
reduce the amount of spam, without losing the (dubious, IMHO) advantage of
people being able to respond individually.
We could simply blank out the "@" character - a human can look at the
string "chairs lists.oasis-open.org" or "richt2 us.ibm.com" and guess where
the @ character should be - much harder for a program, because we've removed the
very character it's looking for. Sure, a purpose-built harvester might work this
out (keying off ".com", probably), but the simpler ones would fail, and that
would reduce the amount of spam, which is not a bad thing. If we wanted to get
fancier, we could blank the "." as well, and then an e-mail address would be
quite difficult to distinguish from regular text.
Tony Rogers
tony.rogers ca.com :-)
-----Original Message----- From: Rich Thompson
[mailto:richt2@us.ibm.com] Sent: Wed 14-Apr-04 6:52 To:
chairs@lists.oasis-open.org Cc: Subject: RE: [chairs]
SPAM
The quantity of spam
I receive jumped by an order of magnitude when I became active on the OASIS
email lists, but I also agree that it is the wrong place to seek and fight
spam. My spam filters now take out around 90% so that I only have to deal with
a few dozen spam emails a day. I know of people who use a different email list
for posting than they do for lurking such that spammers pick up an unmonitored
email address. I'm sure there are other solutions as well, but losing the
ability to directly respond to someone would be a huge loss. I have received
multiple inquires over time that resulted from a lurker forwarding a thread to
a colleague who then directly emailed me.
Rich Thompson OASIS WSRP TC Chair Interaction Middleware and
Standards for Portal Server IBM T.J. Watson Research Center / Yorktown
Heights, NY Phone: (914) 945-3225 / (203) 445-0384 email:
richt2@us.ibm.com
"Philpott, Robert"
<rphilpott@rsasecurity.com>
04/13/2004 03:51 PM
|
To
| "'Eduardo Gutentag'"
<Eduardo.Gutentag@Sun.COM>, "'chairs@lists.oasis-open.org'"
<chairs@lists.oasis-open.org>
|
cc
|
|
Subject
| RE: [chairs]
SPAM |
|
I'll counter Eduardo's point a little bit. I for one do know
that my work email address being posted in the OASIS archives has directly
resulted in it being harvested and placed in the spam lists.
But I
use a decent client spam filter and it's not quite so bothersome
any more.
However, there is one point I want to make re: openness
and spam. I know a number of individuals that absolutely will not
post to the OASIS lists because once they do, their email address is likely
to end up on the spammers lists. So here is a case where the policy
of not obfuscating or hiding email addresses hinders the openness we all
desire. We miss out on debate from those individuals who force
themselves to just lurk.
I personally don't care about this issue - as
I said - I've got a decent spam filter. But I thought I'd raise this
other viewpoint.
Now stand away from that fire Eduardo...
Rob
Philpott Senior Consulting Engineer RSA Security Inc. Tel:
781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com
> -----Original
Message----- > From: Eduardo Gutentag
[mailto:Eduardo.Gutentag@Sun.COM] > Sent: Tuesday, April 13, 2004 2:50
PM > To: chairs@lists.oasis-open.org > Subject: Re: [chairs]
SPAM > > All, > > I have to confess that I have
watched with mounting alarm the turn this > discussion has >
taken. > > I would like to make a couple of observations, at the
risk of sounding > heretical and > ready to be tossed on the
fire. > > My first cause for alarm has been the casual easiness
with which the > openness of the > archives has been put aside. I
believe that hiding the sender of archived > messages in > a
manner that makes it almost impossible for most human beings to
respond > to or contact the > sender easily does a disservice to
the spirit of openness of OASIS itself. > Openess has risks. > If
we can't live with this we should neither belong to nor work in the >
OASIS environment. > Spamming is one of the risks. Being responded to by
someone one has never > met is another. > Or is that in fact an
advantage rather than a risk? Sometimes it's a pain. > Sometimes it's a
real > pleasure. Are we going to deny this to ourselves just because
some receive > more spam than they know > how to deal
with? > > Another cause for concern has been the fact that *no
one* has argued that > OASIS is > the wrong point at which to
fight the spam that individuals receive. First > of all, there >
is no evidence that the spam received by Duane (who started this
thread) > can or should be > blamed on OASIS archives. It's
anecdotal. It's unprovable. In my > particular anecdotal case > I
don't believe I've experienced an increase in spam due to activities
in > OASIS. 70% of the > spam directed at me goes to
eduardo@eng.sun.com, which is an address I > have neither used >
nor signed with for years and years. It nevertheless exists somewhere
in > the Internet; I > don't know where and I don't care. I just
filter it out and inspect every > so often. Because > that's one
of the points at which one should fight spam: at the client > level. Get
yourself > an intelligent, spam aware client or filtering mechanism and
smile. Don't > mess with the > OASIS archives just because your IT
department tells you you have to use a > bad client. Don't > mess
with the OASIS archives just because your IT department does not know >
how to filter spam. > The right points at which to fight spam are the
client, the server, the > law and the email > standards, not the
OASIS archives. > > Just like the only proven way of securing a
computer from internet based > attacks is by unplugging it from the net,
the only proven way of > protecting oneself from spam > is by not
sending email: every time you send email to someone whose > computer
could be > the victim of a virus, you run the risk of having your
address forwarded > to a spammer. Are > you going to stop sending
email because of that? Or are you instead going > to try to get
the > right protection at the right level? > > >
-- > Eduardo Gutentag |
e-mail: eduardo.gutentag@Sun.COM > Web
Technologies and Standards | Phone: +1 510
550 4616 x31442 > Sun Microsystems Inc.
| W3C AC Rep / OASIS
BoD
|