![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: OT - Spam
From: JP Vossen <vossenjp () netaxs com>
Date: Fri, 25 Apr 2003 00:35:37 -0400 (EDT)
Date: Thu, 24 Apr 2003 19:29:39 -0400 To: <bmcdowell () coxhealthplans com>, <snort-users () lists sourceforge net> From: Matt Kettler <mkettler () evi-inc com> Subject: Re: [Snort-users] OT - Spam
At 05:46 PM 4/24/2003 -0500, bmcdowell () coxhealthplans com wrote:
I've noticed that by doing a google search for my own e-mail address, it only appears on web-archives of these two mailing lists. Could you respective Admins please take steps to obfuscate the actual e-mail addresses before posting them to the web? As I understand it, 'bare' e-mail addresses on web pages are big targets for spammers.
I enjoy participating in these lists, however I have notices that my inbound spam has tripled since I joined them. If it can't be fixed, I can respect that. But it can, you'd probably be doing your user-base a huge favor.
I second those!
As a subtle counter point, that might reduce the problem, but will hardly cure it. After all, it only takes _one_ spam-database-builder subscribed to _one_ mailing list you use to pick up your address.. from there it will likely be copied into dozens of them.
Actually, that turns out not to be the case according to [0]: "Conclusions "3. E-mail addresses harvested from the public Web appear to have a relatively short "shelf life."
I suspect at least one spam database miner has gotten the idea of subscribing to all the sourceforge.net mailing lists they can find to mine them for addresses.
That's an interesting (and unpleasant) thought that is not really covered in [0].
So you've increased the lag time before some spam database gets your address, but you've not really stopped it from happening. If you really don't want your address picked up by spammers, never use it to post to any publicly accessible mailing list, newsgroup, or web forum. As a general rule if there's ANY way to collect addresses out of some system, there's going to be at least one spammer desperate enough to do it.
That won't even work 100%... (See #8 below) :-(
That said, it would be a good thing for any mailing-list to usenet mirrors to obfuscate addresses. Any small bit never hurts, but it's hardly a huge favor.
I will briefly note the conclusions from [0] and encourage you to read the full report, as some of it is counter-intuitive. 1. E-mail addresses harvested from the public Web are frequently used by spammers. By an overwhelming margin, the greatest amount of spam we received was to addresses posted on the public Web. 2. The amount of spam received by an address posted on the public Web is directly related to the amount of traffic that Web site receives. 3. E-mail addresses harvested from the public Web appear to have a relatively short "shelf life." 4. Addresses posted in the headers of USENET messages can receive significant spam, though less than a posting on the public Web. 5. Obscuring an e-mail address is an effective way to avoid spam from harvesters on the Web or on USENET newsgroups. 6. Sites that publish their policies and make choice available to users generally respected those policies. 7. Domain name registration does not seem to be a major source of spam. 8. Even when an e-mail address has not been posted or shared in any way, it is still possible to receive spam through various "attacks" on a mail server. Later, JP [0] http://www.cdt.org/speech/spam/030319spamreport.shtml Also interesting: http://www.paulgraham.com/spam.html ------------------------------|:::======|-------------------------------- JP Vossen, CISSP |:::======| jp () jpsdomain org My Account, My Opinions |=========| http://www.jpsdomain.org/ ------------------------------|=========|-------------------------------- "The software said it requires Windows 98 or better, so I installed Linux..." ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OT - Spam bmcdowell (Apr 24)
- Re: OT - Spam Matt Kettler (Apr 24)
- Re: OT - Spam mikem (Apr 24)
- Re: OT - Spam Julian Brown (Apr 25)
- Re: OT - Spam Thomas Templin (Apr 25)
- RE: OT - Spam Michael Steele (Apr 25)
- OT: list archives and e-mail addresses (Re: OT - Spam) Andrew R. Baker (Apr 25)
- <Possible follow-ups>
- Re: OT - Spam JP Vossen (Apr 24)