[ale] (no subject) SPAM talk...

ChangingLINKS.com groups at ChangingLINKS.com
Sat Apr 17 11:58:20 EDT 2004


On Saturday 17 April 2004 09:00, George Carless wrote:
> Once again, Drew, you're weighing in with a rather inflammatory post 
Ah, gotta work on delivery. However, the substance wouldn't change.

>that betrays something of a lack of understanding of 
> the problem at hand.  So I'll refer you to the always-useful 
> spamsolutions.txt: http://www.craphound.com/spamsolutions.txt

I read your .txt file. Clearly, we are not talking about the same thing. Your 
file addresses spam in general - which isn't the fundamental issue of this 
thread.

> And most of the criticism of Microsoft . . . comparing apples and oranges.

To help you understand the Microsoft complarison:
I'll just say "Code that is easily exploited is bad code."
At least you see the "fruit" of the similiar coding practices.

> And I'm not sure what you mean by "I, for one, don't allow harvesting at my 
> domain".. I couldn't really find any pages on your 
> site which were of the kind to contain data that could be harvested
 
The site has such data, and *like many other sites* I simply never post the 
members email. The simple solution that I use is relating a memberid to the 
email address in the database. The ALE could do the same, by simply having a 
form that a user can fill out to establish contact with a poster. 
(I'm not saying we should do that, it's just another solution.)

> it's a somewhat difficult-to-navigate site.
Odd. I think this is the second time you've said that. I'll address it this 
time. The site has 6 underlined links (once you "enter here") and all but one 
page is 3 clicks deep. Come on Carless . . . ooooooh. maybe you clicked the 5 
non-underlined SEO links at the very bottom of the splash page? - nah, you 
will still be greeted with a jumping "enter here" graphic.

>  But certainly many of the sites that you link to *are* ripe for harvesting 
> for those with the will.

I'm not trying to solve the "World's spam problem." Just trying to do my part 
not to endorse it. "To each his own" domain/email address.

> And the mirror that you posted seems to only do simple stuff like "username 
> at wherever.com", which I think is no deterrent  whatsoever to spam 
> harvesters.

Read my post related to the economics of spam, research the abilities of spam 
software. You will at least be able to see that it is a reasonable 
"deterrent."

> Security through obfuscation by the means that you describe is *very little 
> security*, and indeed is often potentially wore 
> than "no security". 

WE ARE NOT SECURING BANKING INFORMATION HERE. 
*Please* see the difference in the data. Obfuscation of email addresses is 
enough. And if not, it is at least THE least we should do. 
Fortunately your "do nothing" position is at odds with Geoffrey's most recent 
post, and reality (we're already halfway to the goal). What's more is rather 
than offering a solution, your post offers little more than a personal 
attack. Shameful.

> Which suggests that you're unwilling to learn, which is frankly rather 
> annoying.

I may be annoying, but I am less annoying that the spammers that easily 
exploit the ALE. I am less annoying than the people complain about spam 
problems related to the ALE list, and yet don't offer to fix the problem. I 
am less annoying than some guy piping up saying what "can't be done" in 
ignorance of the fact that what I am proposing is the STANDARD. However, 
hopefully, I am just annoying enough to motivate change.

> Do just a *little* research and 
> you'll soon find for yourself that the kinds of steps you propose are at 
> best too problematic, introducing more issues than 
> they solve, and at worst entirely ineffective.  

Incorrect. 
I have researched this issue insofar as looking at how other sites handle 
members' information, researching common spam harvesting programs, talking 
with spammers, and reviewing the ALE's presence on the Internet for the last 
3-4 years. The truth is that it is so easily to slog email addresses there is 
*no need* to waste the time and effort decrypting them. Perhaps you don't 
realize how many different ways people obfuscate email addresses?

> But I am sure that you'll respond in your typical "abused 
> misunderstood martyr  who's just acting in the common good" style...

Nope. I'm sticking with "fix your shit."
-- 
Wishing you Happiness, Joy and Laughter,
Drew Brown
http://www.ChangingLINKS.com



More information about the Ale mailing list