Great Circle Associates List-Managers
(May 2003)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: So I got this 411 spam this morning...
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Date: Thu, 1 May 2003 09:23:09 -0700
To: Charlie Summers <charlie @ lofcom . com>
Cc: list-managers @ greatcircle . com
In-reply-to: <v03130350bad6eff8a830 @ [192 . 168 . 123 . 10]>

On Thursday, May 1, 2003, at 08:53  AM, Charlie Summers wrote:

I agree with your assessment, but even if the GreatCircle archives were "locked-down," there are the unofficial web-based archives we've discussed
here in the past to deal with.

which is why my sites have outlawed unofficial archives for a while (or more correctly, archives without our permission), and actively police for and have them shut down. We allow non-local archives if they're private, or if they agree to follow our standards, and the key standard is "no disclosing email addresses". It's one reason why we've refused to allow gmane to archive our stuff, although we're going to revisit that, I think, since I've been told their policy has changed.

And it's why I don't allow mail-archive to archive lists, too. It's a good reason why sites ought to manage their own archives, so they can control how they're run AND modify those policies when life changes.

   The problem is MUCH more wide-spread than just official archives.

it's huge. And it's a great example of a good thing going sour because of changes in technologies.

Still, any subscriber who wants to "help" can easily set up
their own archives, which once cached by Google live forever.

why my formal list rules cover this. It allows me to go in and "fix" these problems. The one site that refused to cooperate so far (in germany) simply got their butts banned, and gets re-banned every time they try to sneak back in via some new domain address or hotmail forwarder, too.

   (*sigh*) It's a much bigger problem than you suggest.

The answer, though, is fairly simple (conceptually):

All mail-list archives behind a security realm, because the spambots don't honor robots.txt. That also blocks the global search engine.

No web page with an email address accessible to the global search engines. My solution is to cloak addresses (but it's not finished yet. sigh).

The list rules/AUP/User agreement restricts public third party archives without permission. Don't give permission unless they meet your standards.

Track down and shut down all archives that do this. If that means pulling your stuff from, tough. Or lobby them to fix their site. Or something.

I'm seriously considering building special feeds just for third party archives that come pre-cloaked, so that I know their data is to my standard, and they don't have to worry about me changing standards and forcing them to update. If they subscribe to that feed, they'd know any problems are my fault.

I'm ALSO starting to think maybe it's time for mail lists to consider (at least as an option) acting as a mail forwarder for replies to list postings, which would allow us to add challenge/response systems and blacklists to those replies.

All role accounts need to be fronted by challenge/response, because either you can't NOT put them on a public web page, or it doesn't matter, because they get dictionary attacked anyway.

I started password protecting archives back around 1998 because of the spambot worry. Sorry to see I was so right. I've been trying to come up with a BETTER approach since, since I don't like cloistering the data -- or publicizing the subscriber list. I think my new approach, if I ever finish it (grump, sigh, mumble) is that compromise, for me.

But to me, any place that publicizes unprotected email addresses is hurting its users, and itself. Because as people understand how spammers are getting their addresses, they're going to stop contributing to the lists (or simply leave). It's no longer acceptable, the way we finally had to make the transition from "anyone can post" to "only subscribers can" (and that was a big fight in some quarters, but now, nobody really seems to question it).

This is the next big change, or mail lists risk turning into the same quagmire usenet turned into...

Indexed By Date Previous: Re: So I got this 411 spam this morning...
From: Mark Fletcher <markf @ snoovler . com>
Next: Re: So I got this 411 spam this morning...
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Indexed By Thread Previous: Re: So I got this 411 spam this morning...
From: Charlie Summers <charlie @ lofcom . com>
Next: Re: So I got this 411 spam this morning...
From: Istvan Berkeley <istvan @ louisiana . edu>

Search Internet Search