Re: [tlug] Email address munging in the TLUG archives (C&C)

["Stephen J. Turnbull" <stephen@example.com>]

Edward Middleton writes:

 > An email address I previously used is already widely disseminated.  I
 > have been coming up as the first non-dead Edward Middleton on google for
 > some time, and until recently so did my email address.  While I can
 > understand your need to disseminate your contact details, the previously
 > googlable email account has such a low signal to noise ratio that spam
 > filtering is ineffective.

Both of my active accounts are easily harvestable, and spam filtering
is very effective.  The last couple of weeks spam has been getting
through frequently enough that next week I'll take a few minutes to
read a few and shore up my filters, as a *proactive* matter.  It's not
a level that noticably impacts my work; I take about 10X that much
damage from my boss.  If you have abandoned active use of the previous
account, of course spam filtering on it will do you no good.

 > > If you want to be known as "Addressee Unknown", I can't really blame
 > > you.  But please don't deny me the honor of standing up for Truth,
 > > Justice, and the RFC Way.
 > 
 > I have to write you an RFC?

No and yes.  No, you're not obliged to do any such thing.  But I'd
certainly be much happier if these proposals were written in RFC
style, with concrete implementation details and references to existing
best practice.

 > > And they just sign up for another one.  Abuse by members is not
 > > preventable without moderation.
 > 
 > If this sort of abuse occurs it is clear and limited in its damage.

That's simply not true.  For whatever reason, TLUG has not been much
targeted by spammers/miscreants.  But according to posts on the
Mailman lists, more than one large list has been forced to go to
approval for new members rather than email confirmation because of
subscribe-and-spam 'bot attacks.

And there was an incident in TLUG history (maybe you can see some of
the fallout in the archives, though most of the tactical discussion
took place offlist) where subscription screening took place for a
period because of an attack by a determined individual.

 > Harvesting email addresses from posts to the mailing list if far more
 > serious a problem then a single spam.

It would be if the TLUG lists were the only way to get those
addresses.

If the majority of TLUG members use closely guarded email addresses as
their posting address, then yes, harvesting is the bigger problem for
the list as a whole.  Otherwise, it's a judgment call.

If I were going to run such an operation, I think what I would do is
to set up a virtual host (could be tlug.jp itself) with a program that
has a Mailman like user interface.  But instead of setting up a
mailing list you can subscribe to, the equivalent of the
"subscription" would be a flexible "spam fighting alias" like
<stephen@example.com> with the following options:

1.  Throw away all mail to the address (presumably just log the
    attempt and throw a 550 no such user).
2.  Spam filter and cache the accepted mail for some period of time
    (say two weeks).  Every week send a notice to the real address
    containing a date, author, subject triple for each message.
3.  Spam filter and send a digest at intervals (most decent MUAs can
    treat this like a folder, so scanning it is fairly efficient).
4.  Send a digest.

One advantage to such a scheme would be the potential for cross-checks
on the messages to different users.  (I don't push that kind of thing
very hard because it would require substantial hacking effort to go
beyond what spamassassin and dspam and friends offer, but it would be
an interesting possibility.)

Of course this requires substantial resources of disk, CPU, and
bandwidth; I don't think TLUG wants to get into it at present.