more on MAYBE NSF SHOULD FIX THEIR SYSTEM!!!!! Talk about cyber-trust -- your unsubscribe request

[David Farber <dave () farber net>]

------ Forwarded Message
From: James M Galvin <galvin () elistx com>
Date: Mon, 10 Jan 2005 10:33:20 -0500
To: Chris Beck <chris () pacanukeha net>, <dave () farber net>
Subject: Re: [IP] more on MAYBE NSF SHOULD FIX THEIR SYSTEM!!!!! Talk about
cyber-trust -- your unsubscribe request



--On Sunday, January 09, 2005 1:57 PM -0500 Chris Beck
<chris () pacanukeha net> wrote:

> The unsubscribe link should prompt a pls-confirm email.  That's the way
> most of the list I am on are configured.  I disagree with the idea of
> using a time-based component in the token.

This is the moral equivalent of time-based.  The point is, when you get a
token it is only valid for some period and the token changes with each
attempt to subscribe or unsubscribe.  As you say, this is the way many
email management systems work.


> Another thing to take away form this is that if an IP archive somewhere
> is being actively and diligently scraped, perhaps some sort of
> obfuscation is in order.

This is a common misconception.  Obfuscating email addresses "raises the
bar" ever so slightly, but the effect is negligible just past the
short-term.

To obfuscate you need an algorithm, since presumably you want to be able
to undo it.  In an archive that is "rich" in email addresses, it does not
take long for a harvester to figure out the algorithm.

The only theoretical option is not to publish the email address in the
first place, but in general that's not practical.

Jim


------ End of Forwarded Message


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/