mailing list archives
Re: mailman email harvester
From: Bernhard Kuemel <bernhard () bksys at>
Date: Wed, 09 Feb 2005 14:16:43 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Dave Korn wrote:
|>An improved version that collects addresses that are restricted to
|>subscribers, processes more lists and works more parallelized is
The addresses of mailing list subscribers are top quality to
spammers. It's just a matter of time until one exploits this. I'd
rather want us to close this hole before this happens.
| You hoping to sell it to spammers?
I'm on the anti spammers side, but hey, I'm rather low on money so
if theres a good offer, I just might do that. 1 cent/address. If it
collects 1 million addresses, that would be 10,000 euros. That's my
price. And there are programmers who don't have objections working
for spammers. They even make worms that act as mail relays. See how
real the danger is?
| Obfuscating *works*;
The report you cited is about individuals obfuscating addresses in
individual ways. Mailman is a widespread mailing list manager and
obfuscates very many addresses in a uniform way. This makes it much
more attractive for spammers. If you hoped this would remain
unnoticed by spammers I'm sorry to disappoint you, but security by
obscurity does not work.
| if YOU break it, that makes YOU a spamming motherfucker.
This seems to bother you. Would you feel better if someone else did
it without anyone noticing it? Hey, it may already be happening.
| Why don't you go fuck yourself instead?
I'm too busy fucking my girl friend.
| Oh, and by the way
| <bernhard () bksys at>
Oh, BTW, obscuring or hiding email addresses wont's solve the
problem. Hashcash or ecash probably will.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.