[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Poster to this lists email address not obfuscated? If so it makes this list a heaven for spam bots...:-(

s. keeling wrote:

Incoming from Florian Kulzer:


s. keeling wrote:


[...]


Consider joining my (ad hoc) "Poison The Well" project:

http://www.spots.ab.ca/~keeling/emails.html


Maybe I misunderstand what you are doing, but aren't you increasing the
spam load for people whose real email addresses are used/forged as the
sender address by the spammers? How do you make sure not to include any
addresses of legitimate users in your list?



They're already being used.  I receive spam addressed from
keeling@spots.ab.ca, which doesn't surprise me.  "My posting them ...
isn't going to let any cats out of any bags that aren't already out."


I am not so sure about that. I get a lot of spam, which means that some
spammers - let us call them A, B, C, and D - have my email address in
their database. Now if one of them sends you spam with my address as the
forged sender, my email address will end up on public display on one
more web page, your "Poison The Well" project page. This in turn
increases the chances that spammers E, F, ..., Z will also find my email
address and I will get even more spam than before. I think what you are
doing is harmful and bordering on being an accessory to email address
harvesters. As one of my sibling posters has already pointed out, it
also does not do anything to slow down the spammers or to improve the
efficiency of spam filters.


I'll happily remove any entry from the list when requested, and so far
I've not received any such request.  I'm just trying to increase the
noise in their S/N ratio, that's all.


But how would people know that they should contact you to have their
email address removed from the list? How are they supposed to know about
the existence of the list in the first place? There is no way of telling
how a given spammer has found your email address, but it is clear that
any additional exposure on public web pages is a bad thing.

I really think you should stop doing this. If you want to poison the
spammers' databases you should use an email honeypot of randomly
generated garbage addresses. I recall seeing quite sophisticated
implementations of this, in which an "invisible" (for normal users) link
on a webpage leads email harvesting robots into a maze of dynamically
generated bogus pages full of thousands of useless email addresses.
(Unfortunately I do not have a link ready for this.)

Regards,
          Florian
Reply to: