X-Message-Number: 18869
Date: Wed, 27 Mar 2002 16:14:21 -0500
From: "Kevin Q. Brown" <>
Subject: Re: Open archives

In CryoNet message # 18857 Phillip Labry <>
expressed concern that web spiders are culling email
addresses from the CryoNet archives for spamming purposes.
While spam is indeed a problem for everyone with an email
address, and especially people who post messages to mailing
lists or news groups, I must point out that all new CryoNet
subscribers should have received in their welcome message
an important disclaimer: **

  REDISTRIBUTION:
  CryoNet messages may be redistributed electronically to  
  other people not on the mailing list.  (Once the messages
  get distributed to hundreds of people via email, CryoNet
  has no control over what people do with them.)  Also,
  since the archives are accessible via WWW, including search
  engines, anyone with WWW access can retrieve messages years
  after they have been posted to the mailing list.

While that does not address spammers explicitly, exposure of
the posters' email addresses to the world does follow, and
should be expected, since they are included in the headers
of the messages.

What solutions are possible?  Limiting archive access to
subscribers would not be a solution because the spammers
could subscribe, mine the archives, and then unsubscribe.
Meanwhile, legitimate users would be denied access to
the archives.

Should the CryoNet software munge the email addresses in
the headers to make them unusable by the web spiders, yet
still readable by humans?  While the software could be
altered to do that, I am unconvinced that it would help
much since:

  (1) the archives already have been exposed to web spiders,
  (2) some people _want_ to be found via web searches
      of their email address, so no policy will satisfy
      everyone,
  (3) any programmatic, but easily reversible, munging of the
      email addresses eventually will be decoded by web spiders
      (although not necessarily within the lifetimes of those
      email addresses), and
  (4) spammers get email addresses in many ways besides
      mining web-accessible archives.  For example, simply
      having an account at a major ISP can attract spam
      since the user databases of major ISPs are such
      tempting targets for bribery or theft.

I see that Phillip Labry has his own Internet domain.
That's good.  He can create new userids at will and filter
email accordingly.  (Of course, his contact email address,
as reported by his registrar, will get spammed because the
registrar databases get mined for email addresses, too.)
I'm sorry that none of this prevents spam sent to
"".  In today's world, email addresses need
to be protected like passwords or unlisted telephone numbers,
or created as throwaways that are discarded upon the first spam,
or buttressed with sophisticated email filters.  Anyone who
posts to a mailing list or news group has chosen to forgo
the first option, leaving only the latter two.

    Kevin Q. Brown
    

  ** The text of that welcome message is also posted at:
       http://www.cryonet.org/info.txt
     The disclaimer about uncontrollable redistribution
     has been sent to new subscribers since the beginning of
     CryoNet in the late 1980's.  It was updated to include
     web accesses in the mid 1990's.

Rate This Message: http://www.cryonet.org/cgi-bin/rate.cgi?msg=18869