Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Email address munging in the TLUG archives



Date: Mon, 4 Dec 2006 18:29:14 +0900 (JST)
From: Curt Sampson <cjs@example.com>
<snip>
Personally, given that it takes only *one* unobfuscated or poorly
obfuscated address on *any* web site on the Internet to make all further
obfuscation of your address worthless, I don't think that obfuscation
is worth pursuing at all. Think about it: no matter how much time and
effort you spend, you're still no more secure than the guy doing the
least amount of work on this, or being the least careful.

I have to disagree with this point. Any small scale obfuscation is generally effective. Your basic spammer is a greedy, lazy bastard dreaming of striking gold. They base this dream on large quantities of spam which translates into large numbers of email addresses to send the spam to. They want low-hanging fruit when they are harvesting addresses. Yes, any form of obfuscation that actually results in an email address can be unobfuscated, but the spammers aren't interested in doing that work unless it's going to yield a large number of email addresses.

The hilarious punchline is that the spammers will sometimes work so
desperately hard for their dream of not working anymore--but they'll
only do that when they think there's a possible goldmine.

<snip>
Spamming is, in the end, an economic problem, and economic solutions are
what's going to fix it, if it ever gets fixed. Turing tests won't do
it because there's enough cheap programming skill out there that it's
economical to write specialized software to pass those tests.

I very much agree with this. My own plan is for a spam-proof email system that lives transparently in cooperation with SMTP. That essentially reduces the spam problem to a four cell interface table and you can let the users decide how they want to configure it. For this brief description, call it the NEMS (for New EMail System). The table is:

SMTP -> SMTP is the warlike spam-filled status quo

NEMS -> SMTP is treated as status quo (because SMTP can't do anything else)

NEMS -> NEMS is spam free

SMTP -> NEMS is the decision locus.

Me, I would want a NEMS address basically as an email address that I
could use in public without being spammed, so I would want this to
bounce any SMTP messages. If the bounce goes back to a legitimate SMTP
sender, then they would have the option of getting a NEMS address of
their own if they really want to reach me. Other people might choose
to use any of the existing filtering approaches, but this is really
reducing things back to the status quo. If they do that, then there
only real advantage is that they can automatically whitelist NEMS
email.


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links