First, sorry to continue this on the [PIC] tag, but everyone needs to see
Based on this discussion and the growing number of public "feeds" of the
PICList with NO or little security I am going to stop requiring registration
for viewing of the PICList.com archive of the PICList.
In case you are confused: This eMail list (spam_OUTpiclistTakeThisOuTmit.edu) is hosted by MIT
and I and several others are list owners. PICList.com is a wiki-type web
site I host that is meant to be a FAQ and archive for the email list. And
may need to be a backup of the email list if MIT ever drops us. <insert
I was aghast at how easy it is to rip some of these public "feeds" to get
email addresses and more. For a spammer harvesting target emails, it is
instant gratification. No need to subscribe and wait for emails, just rip
them _right now_! We can go about and kill the feeds (e.g. we killed the
blogger feed due to error messages it sent to members when they posted) but
if we kill the "public" feeds, then the public has no way to read the
PICList except via the "private" feeds.
One argument for the public archives is that they do not require email
registration to view as the PICList.com archive does. Some people object,
violently in some cases, to giving out their email address in order to see
other peoples email addresses. Hummm... I wonder why? Anyway, even people
who have no known affiliation to spammers and are respected members in good
standing of our little community have objected to the registration. And some
have opened up feeds to public archives apparently in response to that.
If we go and kill the public feeds, the objection will be (has been) that
the PICList.com archive is private.
In my mind, that is the freaking point, but if people are going to open
these public feeds, which do little or NOTHING to protect your email
address, in response to the main archive being private, then it may be for
the best to make the main archive public and just make sure it mungs the
heck out of the emails, looks for site rippers and spiders, and tries, best
it can to stop your email address from getting into the hands of a spammer.
However... In practice it is useless... @spam@abuseKILLspamhotmail.com doesn't understand
or care that their email account was used to /harvest/ email addresses for a
spammer, they only care if their email account was used the /send/ spam. If
that. And receiving and processing emails from a bogus account is pain on my
server for technical reasons.
So, I'm going to drop the private status and allow anyone to view the
archive. Before I do that, I'm going to review the munging of email
addresses, both the person who posts and any email addresses found in the
body of the post, just to make sure it is pretty darn "mungerific." Spell
check will have fun with that one.
James Newton, Host wrote:
> So, I'm going to drop the private status and allow anyone to view the
Big deal. Given that all that stuff is out there already, security at your
site is pointless.
> Before I do that, I'm going to review the munging of email
> addresses, both the person who posts and any email addresses found in
> the body of the post, just to make sure it is pretty darn
Why bother? It's all out there already. Spammers found my piclist-only
email address years ago, and I get the same amount of spam on it as my real
email addresses. Unless you enjoy doing this, closing the barn door after
the horses fled, died of old age, and the rest of the barn burnt down is a
waste of time.
In a perfect world it would be nice to keep the archive private. People say
different things when they think they are talking privately to a closed
group versus expecting it to be recorded for all to see for all time. The
only real problem I see is folks that may have thought they were having a
closed conversation in days past will now have it made public. But there's
nothing that can be done about it, so there's no point fretting about it.
Nobody that's been paying attention could possibly have the illusion that
anything they say today on the list will remain private.
In other words: It sucks, but that's the way it is. Get over it.
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com
>> Before I do that, I'm going to review the munging of email
>> addresses, both the person who posts and any email addresses found in
>> the body of the post, just to make sure it is pretty darn
> Why bother? It's all out there already.
Hey, yours maybe. I only get a spam every month or so, and I'd like to
keep it that way, thank you very much.
Well, its just great that this generated so much discussion.
Since most of you seem to have lives, I went ahead and did it. The
piclist.com archive is now public.
I would be very curious to see how some of you see email addresses in the
body rendered. If you think it isn't being munged, try to copy or otherwise
automatically get an email address from the body and notice what you get.
If you see email addresses with strange gaps, then you aren't using IE but
at least they will be easy to read. Still hard to copy.
If you see the email addresses with weird words in them, you aren't running
a modern brower or if you are, please do a screen capture and send it to me
with the name of your browser, etc...
I hope people get some good use out of the archive and send me lots of
feedback on what you like and don't like about it.
On Wed, 14 Sep 2005 18:47:51 -0700, James Newton, Host wrote:
> I hope people get some good use out of the archive and send me lots of
> feedback on what you like and don't like about it.
It looks good here (using FireFox under OS/2) and I like the way it mungs the email address in a different way
I'd like to change the email address I use for PIClist to something unique, to see if/when it gets out there
with the spammers. Obviously for stuff I send I have to do it at this end, but how do I do this for the
address that you send it to?