[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NON-P2 TOPIC: Thwarting the Abuse of the P2TECH archives


Jini & the rest of the p2tech community  -

Some of you may recall that there was discussion earlier this week, of a plague of phony e-mails soliciting help in smuggling embezzled funds out of poor African nations.  A couple of us on P2TECH mentioned that it was quite easy for some unscrupulous spammer to "mine" the archives of lists like P2TECH in order to obtain a list of e-mail addresses, and that there was little, short of discontinuing the archives, that could be done to stop it. 

Not a particularly happy conclusion to reach, but hey - spam happens.

But, leave it to a computer scientist to come up with a solution that is simple yet effective!

I was recently reviewing list of publications by a CS researcher at Stanford who had footnoted the contact info on his personal page.  He indicated that users would need to edit his e-mail by removing a character that he had placed after the @ sign (like this:  scott.butner@+pnl.gov)   By altering his signature line with this deliberate typo in his e-mail, he had effectively rendered the e-mail unintelligible to the majority of scripts which use something called regular expressions (text patterns which can be used to search for specific bits of information in a document or string) to recognize valid e-mail addresses.
Even those scripts which capture the e-mail address in this form, probably will not recognize it as an invalid e-mail address, and hence will send any subsequent spam to an invalid address.

In any event it would be interesting to see whether altering the script which is used to build the P2TECH archives from our messages so that it inserts an extra character into the e-mail address at a predictable spot (for instance, immediately following the @ sign) would cut down on the number of spam messages received by members of this community.  It would then be incumbent upon us to remember when browsing the archives that we need to remove the bogus character before sending a message to a poster.

Just a thought.  This is admittedly a imperfect fix -- anyone really intent on capturing our e-mails could spot the deception easily enough by visual inspection.  But my guess is that most spammers are not paying that much attention. 

Another thought:  nothing prevents individuals from implementing this convention unilaterally (and with randomly chosen characters). 
I have yet to see a script that was smart enough to read a footnote!   ;-)

Scott Butner (scott.butner@+pnl.gov)*
* You may have noticed a "+" in my e-mail address.
   I am trying to fool the spammers.  Shhhh!  don't tell anyone!

remember to remove the + from the e-mail address before sending mail to me.