Snort mailing list archives

Re: OT - Spam

From: JP Vossen <vossenjp () netaxs com>
Date: Fri, 25 Apr 2003 00:35:37 -0400 (EDT)

Date: Thu, 24 Apr 2003 19:29:39 -0400
To: <bmcdowell () coxhealthplans com>, <snort-users () lists sourceforge net>
From: Matt Kettler <mkettler () evi-inc com>
Subject: Re: [Snort-users] OT - Spam

At 05:46 PM 4/24/2003 -0500, bmcdowell () coxhealthplans com wrote:

I've noticed that by doing a google search for my own e-mail address, it
only appears on web-archives of these two mailing lists.  Could you
respective Admins please take steps to obfuscate the actual e-mail
addresses before posting them to the web?  As I understand it, 'bare'
e-mail addresses on web pages are big targets for spammers.

I enjoy participating in these lists, however I have notices that my
inbound spam has tripled since I joined them.
If it can't be fixed, I can respect that.  But it can, you'd probably be
doing your user-base a huge favor.


I second those!

As a subtle counter point, that might reduce the problem, but will hardly
cure it. After all, it only takes _one_ spam-database-builder subscribed to
_one_ mailing list you use to pick up your address.. from there it will
likely be copied into dozens of them.


Actually, that turns out not to be the case according to [0]:
        "Conclusions
        "3. E-mail addresses harvested from the public Web appear to have a
relatively short "shelf life."

I suspect at least one spam database miner has gotten the idea of
subscribing to all the sourceforge.net mailing lists they can find to mine
them for addresses.


That's an interesting (and unpleasant) thought that is not really covered in
[0].

So you've increased the lag time before some spam database gets your
address, but you've not really stopped it from happening. If you really
don't want your address picked up by spammers, never use it to post to any
publicly accessible mailing list, newsgroup, or web forum. As a general
rule if there's ANY way to collect addresses out of some system, there's
going to be at least one spammer desperate enough to do it.


That won't even work 100%... (See #8 below) :-(

That said, it would be a good thing for any mailing-list to usenet mirrors
to obfuscate addresses. Any small bit never hurts, but it's hardly a huge
favor.


I will briefly note the conclusions from [0] and encourage you to read the
full report, as some of it is counter-intuitive.

1.      E-mail addresses harvested from the public Web are frequently used by
spammers. By an overwhelming margin, the greatest amount of spam we received
was to addresses posted on the public Web.

2.      The amount of spam received by an address posted on the public Web is
directly related to the amount of traffic that Web site receives.

3.      E-mail addresses harvested from the public Web appear to have a
relatively short "shelf life."

4.      Addresses posted in the headers of USENET messages can receive
significant spam, though less than a posting on the public Web.

5.      Obscuring an e-mail address is an effective way to avoid spam from
harvesters on the Web or on USENET newsgroups.

6.      Sites that publish their policies and make choice available to users
generally respected those policies.

7.      Domain name registration does not seem to be a major source of spam.

8.      Even when an e-mail address has not been posted or shared in any way,
it is still possible to receive spam through various "attacks" on a mail
server.


Later,
JP

[0] http://www.cdt.org/speech/spam/030319spamreport.shtml

Also interesting: http://www.paulgraham.com/spam.html

------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|                jp () jpsdomain org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
"The software said it requires Windows 98 or better, so I installed
Linux..."



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

OT - Spam bmcdowell (Apr 24)
- Re: OT - Spam Matt Kettler (Apr 24)
- Re: OT - Spam mikem (Apr 24)
  - Re: OT - Spam Julian Brown (Apr 25)
  - Re: OT - Spam Thomas Templin (Apr 25)
    - RE: OT - Spam Michael Steele (Apr 25)
- OT: list archives and e-mail addresses (Re: OT - Spam) Andrew R. Baker (Apr 25)
- <Possible follow-ups>
- Re: OT - Spam JP Vossen (Apr 24)