[Tfug] Re: ISP for Qwest DSL

Anthony Steckman tfug@tfug.org
Thu Jan 16 13:18:01 2003 

Nice.


+ I'm probably responding to some of what was said below:

. Date: Thu, 16 Jan 2003 11:26:52 -0700
. Subject: Re: [Tfug] Re: ISP for Qwest DSL
. From: Leo Przybylski <leo@leosandbox.org>
. Reply-To: tfug@tfug.org
. To: tfug@tfug.org
. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a)
.     Gecko/20021212
. 
. Leo Przybylski wrote:
. 
. > Anthony Steckman wrote:
. >
. >> Outside of AOL, most message boards and email groups are pretty safe 
. >> from harvesters, who prefer to use crawlers that harvest mailto 
. >> addresses from an html context. Mailman protects against this by not 
. >> posting email addresses in the archives. In other words: the only way 
. >> to get addresses from this Listserv... is to join the Listserv. Most 
. >> of the old-school newsgroup type crawlers fail here because they 
. >> don't know how to reply to the confirmation email.
. >>
. > Doesn't TFUG use mailman? I would hate to rain on your parade, but I 
. > could quite easily (with procmail, bash and sendmail), start spamming 
. > people on this mailing list. There are ways to protect against this 
. > with sendmail, but I won't go into that.
. >
. > In a modular sense, it would be simple to integrate this functionality 
. > into a crawling system.
. >
. > Speaking of crawling, isn't it also possible to crawl mailing-list 
. > archives available through good ole' HTTP? 
. 
. Putting 2 and 2 together, I just had a great idea for you spammers out 
. there!! ASF uses The mail archive to archive their mailing lists and 
. make them publicly available via HTTP. The mail archive has one huge 
. fault though. It allows the option of responding to people who 
. originally posted directly without needing to login or anything. This 
. can give a crawler (with some interpretation) the email address of the 
. poster.
. 
. How do you set up mail archive to work? Get a mail archive account and 
. sign up that account with the mailing list you want to archive.
. 
. Suddenly, you have an instantly crawlable mailing list. Completely 
. vulnerable.
. 
. Just thought I would post that if anyone needed help in their spamming 
. exploits.
. 
. -Leo Przybylski
. 
. >
. >
. > I don't mean to boast, and this may not really prove anything by me 
. > saying it, but I used to write crawling software for spammers (much to 
. > my shame). I maintain a personal database of domestic/international 
. > email addresses (I'm sure you're on it somewhere).
. >
. > I'm with the AOL QA person. I also used to write software for 
. > profiling over network protocols. I'm sure that if you have visited 
. > any of the clients from http://www.coremetrics.com, you have been 
. > tagged and are tracked throughout the world of HTTP. If you have ever 
. > seen an XXX banner (now, I would never stoop that low, but they are 
. > the competition for legitimate businesses) or email, you again are 
. > tagged.
. >
. > Spam isn't all you have to worry about. Be sure to turn your cookies 
. > off even in your email viewer.
. >
. > -Leo
. > P.S. By "you", I wasn't referring to any specific individual. I mean 
. > anyone reading this on the list.
. >
. >>
. >> This isn't to say it couldn't eventually become a problem, but your 
. >> experience with AOL is skewing your perception of what happens on the 
. >> rest of the Internet.
. >>
. >> Yahoo! mailing lists also protect one's email address -- again, the 
. >> only way to harvest the address is to join the email groups -- and 
. >> the crawlers in use just aren't smart enough to handle that yet.
. >>
. >> Finally, if you really work at AOL, your email to this Listserv is in 
. >> violation of at least three company policies.
. >>
. >> All things being the same:
. >>
. >> Stick around awhile and you might learn something.
. >>
. >>
. >> + I'm probably responding to some of what was said below:
. >>
. >> . Date: Wed, 15 Jan 2003 21:08:12 -0700
. >> . Subject: [Tfug] Re: ISP for Qwest DSL
. >> . From: Michele Campbell <omega593@mac.com>
. >> . Reply-To: tfug@tfug.org
. >> . To: tfug@tfug.org
. >> . X-Mailer: Apple Mail (2.551)
. >> . . . I would like to suggest that you consider how your name is 
. >> getting on . the spam lists rather than changing your ISP. Email 
. >> addresses are . harvested from a variety of places, including public 
. >> forums such as . this one. They are also harvested from ebay and 
. >> yahoo. So you can . change ISP's but if your behavior does not 
. >> change, you will continue to . receive spam no matter which company 
. >> provides your internet service. I . work at AOL and we are currently 
. >> running some tests on Spam filters-- . but no filters are perfect. 
. >> What you must consider is that if your ISP . starts filtering, the 
. >> ISP might inadvertently filter some of your . non-Spam email. So, for 
. >> your own sake, take a look at who is receiving . your email address 
. >> and where your email address is appearing and . perhaps limit that 
. >> exposure.
. >> . . L. Michele Campbell
. >> . Associate QA Engineer, America Online, Inc.
. >> . . _______________________________________________
. >> . tfug mailing list
. >> . tfug@tfug.org
. >> . http://www.tfug.org/mailman/listinfo/tfug
. >> . .
. >> _______________________________________________
. >> tfug mailing list
. >> tfug@tfug.org
. >> http://www.tfug.org/mailman/listinfo/tfug
. >>  
. >>
. >
. >
. > _______________________________________________
. > tfug mailing list
. > tfug@tfug.org
. > http://www.tfug.org/mailman/listinfo/tfug
. 
. 
. 
. _______________________________________________
. tfug mailing list
. tfug@tfug.org
. http://www.tfug.org/mailman/listinfo/tfug
. 
.