Niall,
Received quite a lot of spam today mailed to fsfeurope2<at symbol>nedprod.com which I use on fsfe-ie@fsfeurope.org and discussion@fsfeurope.org. One of these mailing lists is displaying our email addresses publicly!
Do you perhaps mean s_fsfeurope2? From a quick search it's quite likely that your address was harvested from the November archives, when someone answered a message from you, quoting your email address in the body of the response.
While Mailman's pipermail archive does obfuscate the email addresses in the headers of an email, it doesn't generally do this for the body of the mails because doing so would break possible GPG signatures.
Jonas
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 9 Jan 2004 at 9:04, Jonas Oberg wrote:
Received quite a lot of spam today mailed to fsfeurope2<at symbol>nedprod.com which I use on fsfe-ie@fsfeurope.org and discussion@fsfeurope.org. One of these mailing lists is displaying our email addresses publicly!
Do you perhaps mean s_fsfeurope2? From a quick search it's quite likely that your address was harvested from the November archives, when someone answered a message from you, quoting your email address in the body of the response.
Yes sorry - quite right.
While Mailman's pipermail archive does obfuscate the email addresses in the headers of an email, it doesn't generally do this for the body of the mails because doing so would break possible GPG signatures.
Of course. Can you email me privately who it was and I will send them an email expressing my grave displeasure? I tried browsing the Nov archive myself but couldn't find the culprit (and downloading the full archive of 2Mb would take me some time and centimos).
I've already lost s_fsfeurope to spammers, I really don't want to have to move to s_fsfeurope3 :(
Cheers, Niall
Niall Douglas wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 9 Jan 2004 at 9:04, Jonas Oberg wrote:
Received quite a lot of spam today mailed to fsfeurope2<at symbol>nedprod.com which I use on fsfe-ie@fsfeurope.org and discussion@fsfeurope.org. One of these mailing lists is displaying our email addresses publicly!
Do you perhaps mean s_fsfeurope2? From a quick search it's quite likely that your address was harvested from the November archives, when someone answered a message from you, quoting your email address in the body of the response.
Yes sorry - quite right.
While Mailman's pipermail archive does obfuscate the email addresses in the headers of an email, it doesn't generally do this for the body of the mails because doing so would break possible GPG signatures.
Of course. Can you email me privately who it was and I will send them an email expressing my grave displeasure? I tried browsing the Nov archive myself but couldn't find the culprit (and downloading the full archive of 2Mb would take me some time and centimos).
I've already lost s_fsfeurope to spammers, I really don't want to have to move to s_fsfeurope3 :(
Cheers, Niall
Curiously google can't find it either:
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&saf...
Maybe the spammers will now recognise and harvest "a at b.org" ?
James> Maybe the spammers will now recognise and harvest "a at b.org" ?
Myself and Niall talked about this off list (slightly off topic).
When I quoted niall before, I included his email address. pipermail converts '@' to ' at ' in the online archives, but there is also a gzipped text file of the archives where the conversion doesn't take place. So there's three possibilities for why Niall it getting spam:
1/ The spambots have cracked the ' at ' conversion. (Alan Cox says they all have) http://mail.gnome.org/archives/foundation-list/2003-December/msg00018.html
2/ The spambots are downloading gzip files, unzipping them, and scanning them. Gzip mailing list files available from here: http://mail.fsfeurope.org/pipermail/fsfe-ie/
3/ The spambots are subscribing to mailing lists and then looking at the subscibers list page. (fsfe-ie has the subscribers list set to private, but discussion@fsfeurope.org has it public.)
Nothing we can do about 1 or 3, but for 2, we should make sure not to include unarmoured email addresses in our mails. (I'll stop. I don't know if anyone else has been doing this.)
end of thread?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10 Jan 2004 at 10:08, James Heald wrote:
I've already lost s_fsfeurope to spammers, I really don't want to have to move to s_fsfeurope3 :(
Maybe the spammers will now recognise and harvest "a at b.org" ?
So far they don't seem to try to defeat the trivial mangling mailman performs. I'm guessing it's because techies use mailing lists and thus have strong spam filters installed - therefore there's no return on spamming them. And even though there's little cost to spamming, there is the logistical cost of spamming people with zero chance of return (you could be spamming others instead with the same bandwidth).
Cheers, Niall