X-Message-Number: 18869 Date: Wed, 27 Mar 2002 16:14:21 -0500 From: "Kevin Q. Brown" <> Subject: Re: Open archives In CryoNet message # 18857 Phillip Labry <> expressed concern that web spiders are culling email addresses from the CryoNet archives for spamming purposes. While spam is indeed a problem for everyone with an email address, and especially people who post messages to mailing lists or news groups, I must point out that all new CryoNet subscribers should have received in their welcome message an important disclaimer: ** REDISTRIBUTION: CryoNet messages may be redistributed electronically to other people not on the mailing list. (Once the messages get distributed to hundreds of people via email, CryoNet has no control over what people do with them.) Also, since the archives are accessible via WWW, including search engines, anyone with WWW access can retrieve messages years after they have been posted to the mailing list. While that does not address spammers explicitly, exposure of the posters' email addresses to the world does follow, and should be expected, since they are included in the headers of the messages. What solutions are possible? Limiting archive access to subscribers would not be a solution because the spammers could subscribe, mine the archives, and then unsubscribe. Meanwhile, legitimate users would be denied access to the archives. Should the CryoNet software munge the email addresses in the headers to make them unusable by the web spiders, yet still readable by humans? While the software could be altered to do that, I am unconvinced that it would help much since: (1) the archives already have been exposed to web spiders, (2) some people _want_ to be found via web searches of their email address, so no policy will satisfy everyone, (3) any programmatic, but easily reversible, munging of the email addresses eventually will be decoded by web spiders (although not necessarily within the lifetimes of those email addresses), and (4) spammers get email addresses in many ways besides mining web-accessible archives. For example, simply having an account at a major ISP can attract spam since the user databases of major ISPs are such tempting targets for bribery or theft. I see that Phillip Labry has his own Internet domain. That's good. He can create new userids at will and filter email accordingly. (Of course, his contact email address, as reported by his registrar, will get spammed because the registrar databases get mined for email addresses, too.) I'm sorry that none of this prevents spam sent to "". In today's world, email addresses need to be protected like passwords or unlisted telephone numbers, or created as throwaways that are discarded upon the first spam, or buttressed with sophisticated email filters. Anyone who posts to a mailing list or news group has chosen to forgo the first option, leaving only the latter two. Kevin Q. Brown ** The text of that welcome message is also posted at: http://www.cryonet.org/info.txt The disclaimer about uncontrollable redistribution has been sent to new subscribers since the beginning of CryoNet in the late 1980's. It was updated to include web accesses in the mid 1990's. Rate This Message: http://www.cryonet.org/cgi-bin/rate.cgi?msg=18869