[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NON-P2 TOPIC: Thwarting the Abuse of the P2TECH archives

Mark Snyder of at Minnesota sent out this re Junk Mail in February this year.
He said it worked / helped reduce his junk mail significantly.
Deborah MacCormac
FDEP - P2 -Orlando 

	-----Original Message----- 
	From: Butner, R Scott [mailto:scott.butner@pnl.gov] 
	Sent: Wed 19-Jun-02 9:44 PM 
	To: P2TECH (E-mail) 
	Cc: 'listman@wmrc.uiuc.edu' 
	Subject: NON-P2 TOPIC: Thwarting the Abuse of the P2TECH archives

	Jini & the rest of the p2tech community  -
	Some of you may recall that there was discussion earlier this week,
of a plague of phony e-mails soliciting help in smuggling embezzled funds out
of poor African nations.  A couple of us on P2TECH mentioned that it was
quite easy for some unscrupulous spammer to "mine" the archives of lists like
P2TECH in order to obtain a list of e-mail addresses, and that there was
little, short of discontinuing the archives, that could be done to stop it. 
	Not a particularly happy conclusion to reach, but hey - spam happens.
	But, leave it to a computer scientist to come up with a solution that
is simple yet effective!
	I was recently reviewing list of publications by a CS researcher at
Stanford who had footnoted the contact info on his personal page.  He
indicated that users would need to edit his e-mail by removing a character
that he had placed after the @ sign (like this:  scott.butner@+pnl.gov)   By
altering his signature line with this deliberate typo in his e-mail, he had
effectively rendered the e-mail unintelligible to the majority of scripts
which use something called regular expressions (text patterns which can be
used to search for specific bits of information in a document or string) to
recognize valid e-mail addresses.  Even those scripts which capture the
e-mail address in this form, probably will not recognize it as an invalid
e-mail address, and hence will send any subsequent spam to an invalid

	In any event it would be interesting to see whether altering the
script which is used to build the P2TECH archives from our messages so that
it inserts an extra character into the e-mail address at a predictable spot
(for instance, immediately following the @ sign) would cut down on the number
of spam messages received by members of this community.  It would then be
incumbent upon us to remember when browsing the archives that we need to
remove the bogus character before sending a message to a poster.

	Just a thought.  This is admittedly a imperfect fix -- anyone really
intent on capturing our e-mails could spot the deception easily enough by
visual inspection.  But my guess is that most spammers are not paying that
much attention.  

	Another thought:  nothing prevents individuals from implementing this
convention unilaterally (and with randomly chosen characters).  
	I have yet to see a script that was smart enough to read a footnote!

	Scott Butner (scott.butner@+pnl.gov)*
	* You may have noticed a "+" in my e-mail address.
	   I am trying to fool the spammers.  Shhhh!  don't tell anyone!
	   Please remember to remove the + from the e-mail address before
sending mail to me.   





+m+yejGS칻&~&+-ݙݢj 歕w+aiۧrzyb^nrƠx*^칸rbz*tm 歕wXלv!w