...

...

Can't the email addresses be obfuscated?

Can't your client and email tools provide better handling of spam?

That's one of the silliest things I have ever read.

I've had the same email address for eight years. During that time, I have never, not once, tried to obfuscate or hide it. I am, arguably, more "known" than you or the original inquisitor. Spam has never gotten to a point where I felt it necessary to ask someone, or a group of someones, to provide protection of my address in a way that requires a man-hour or more of research/programming, especially in a way that would detrimentally affect future inquisitors. I can't count the number of times I've found a question in a mailing list archive, seen no response or suitable answer archived, emailed the original quester for their update, and received the solution quickly, politely, and with far fewer headaches (signing up, lurk period, asking, waiting days, leaving). Similarly, I'm not convinced that the archiving of his address was the only probable cause - it could just as easily been a Windows friend infected with an Address Book stealing virus (this is the primary reason, as previously suggested, that people use alternate email addresses or primary+mailinglist@primary.com).

Ofuscating email addresses is about as useful as using URL shorteners. They are detrimental and damaging to the Internet.

Please tell me your physical address and telephone number - I would like

You, and everyone else, can get it by doing a whois on my domain, or by simply accessing http://disobey.com/about/. Your comparison is flawed.

Now if you get a fancy phone system you can probably filter out most of those junk calls, and if you ask all your real correspondents to put some identifying mark on the front of their post then you can probably quickly sieve out most of the junk postal mail....

I don't have a cell phone, and I don't answer my real phone. Next?

Perhaps if people are obfuscating or not directly giving you their e-mail address it is because they don't want you to know what it is. Understandably, if someone doesn't want to talk to you and you want to talk to them, that can be frustrating. But that's their right.

When I sign up for a commercial website, I use the + gmail operator so that I know if they sell my address. For instance, if I sign up at foobar.comhttp://foobar.com, I would use reflection+foobar@. Then when I start getting spam I know where it came from. Since this is a mailing list, it's a pain in my rear to change my displayed address everytime I want to say something to reflection+wikitech-l@, so I had to use the base address of just reflection. When you do a google search for my e-mail address, the only results are from this mailing list. (a couple others are similar, but not mine). That means that the 2-3 spam messages I get per day on this relatively new address are from this mailing list.

If you go to mail.wikipedia.org http://mail.wikipedia.org and sign in to wikitech-l, you can access a list of Wikitech-l subscribers. A poor attempt is made here to obfuscate the addresses, using the 'at'. Most mail clients I have used automatically recognize this format and as a convenience turn the at into an @ for you. It is ridiculously easy for a harvester to do this. Even easier for them is to pluck the thousands of e-mail addresses sitting plainly in our archives.

I don't want to convince anyone that plainly posting your e-mail address on the web is a bad idea. I also don't want to convince anyone that receiving spam is an unpleasant experience. Further, I don't want to explain to anyone that it is a gross and unnecessary inconvenience to manage two or more e-mail addresses simply for the purpose of reading a mailing list. The merit must go over my head in the first place. Aren't I then just going to have to filter the spam out of the other address? Yes, yes I am.

On 7/17/05, Morbus Iff morbus@disobey.com wrote:

...

...

Please tell me your physical address and telephone number - I would

like

...

You, and everyone else, can get it by doing a whois on my domain, or by simply accessing http://disobey.com/about/. Your comparison is flawed.

My apologies - I really had to pee. Let me explain.

I understand that people get spam. I understand that people get junk mail, that they get marketing calls, and that they get annoyed with it. I'm not contesting that people need, and want, to make changes to how they receive and filter information.

What I am against, however, is when those needs and wants *affect me*. And when people obfuscate mailing list archives, or they don't put their email address on their website *at all* (a recent pet peeve that is driving me absolutely bonkers), it is making my life more difficult, and the internet far less useful.

I'm all for people doing what they need to do to curtail the flow of garbage. But only if it doesn't fuck with me. Don't fuck with "my" mailing list archives. Don't force me to reply *twice* to an email you sent me so that I can be put in some whitelist in your badly designed spam filter. Don't force me to Sherlock Holmes for an hour to find your damn email address so I can tell you that you mispelt something on your page and it makes you look like a fool.

For me, asking someone to change the software that services 100+ people (a guess) just so I can live my life a bit easier, is *rude*. And, honestly, that's only going to help, what, a month? Eventually, you're gonna send an email to someone, they're gonna get some virus that leeches their .wab and archived From/To's stored in a mailbox, and you're just gonna be put on a list that way. Once you're on one list, you're gonna be on all of them, and forever (I still get junk to morbus@totalnetnh.net, which hasn't been used for nine years).

There are too many ways for email addresses to be discovered that you'd have to be sending out an awful lot of requests to change things, all for widdle-ol' you. ("Hi! Please don't use Outlook Express. It's bad. K. Thanks!", "Hi! Oop, looks like you have Windows! Hey, tell ya what. Please don't use that? K. Thanks!", "Dear Google: Hi! Someone posted my email address on this site. Please remove it from your archive, the Wayback Machine, and all the caches the world over. K. Thanks!").

-- Morbus Iff ( rotinom ruoy edisni deppart mi pleH ) Technical: http://www.oreillynet.com/pub/au/779 Culture: http://www.disobey.com/ and http://www.gamegrene.com/ icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.orghttp://jabber.org: morbus _______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Fair enough, certainly. But, in my head, if they have a website, they're doing so for someone to read it. If they *only* wanted people to read it, they'd write a book, where interaction is difficult. Interaction is implied when you publish something (non-anon) on the *inter*net.

Know you tried to nit-pick my argument, so I will have to point out the difference in monetary cost between publishing on the internet and publishing a book. Presumably you have not tried to publish a real physical book? OK, the punchline is that it's much, much, much more flexible, cheap and easy to deliver by publishing on the internet

THAT is the reason people often publish on the internet, NOT because they desire interaction. (Of course it depends on your definition of interaction as well).

Your point also suggests that one should have an individual choice, upon signup, on whether his address were obfuscated in an archive (or, more sensibly, on live sends too, such that private archives wouldn't have it either). I guess I'd "support" an opt in feature for that, although I'm conflicted in so-doing (*choice* is something I never want removed, and it'd be an individuals' choice, not a forced capability applied to every one); I'd certainly opt out of it.

Oh, why do people object to the owners of a list spending a few mins making it "hard" for a spammer to syphon off all the email addresses, whilst still allowing a human to interact? There are a number of ways this can be reasonably done.

...

this mailing list. (a couple others are similar, but not mine). That means that the 2-3 spam messages I get per day on this relatively new address are

...

from this mailing list.

I'm not sure I fully agree, though it is certainly a possibility. You're telling me that you implicitly trust every person you've sent a personal email to to be expert enough to secure their machine from harvesters? Or that every one of our subscribers on this list have pure machines that couldn't have third partied your email to someone, through no fault of the public archive?

Well, actually, since I do run a commercial email service I think I can help answer this question. I don't have millions of customers like Hotmail, but I do have a large enough selection that I can promise you that my customers "do not get spam". Every so often one of them starts to receive stuff and will write to complain - I can usually put their email address into google and discover the source of the leak and that the publishing of the address was within days or a week of them first getting a spam message.

So I haven't seen a lot published about this, but my conclusion is that at least some spammers appear to be harvesting addresses from google rather than harvesting web pages (side bar: curious if anyone can confirm or deny this).

The practical upshot is that you can happily receive zero email in this world for years and years. Generally you will start to receive large amounts of spam within days of publishing your email address somewhere that google can see it.

Posting to mailing lists (and to a lesser extent these days to usenet) seems to be the fastest way to ramp up the amount of spam you will receive. I therefore claim that it's worth trying to obfuscate your email address if possible. Why hand out bricks to people smashing your windows?

This is a controversial topic clearly. My take on this is that personally I am IT literate and have absolutely no problem rigging up a spam scanner which means that I very rarely ever see a spam message - I get hundreds in my spam bucket that I never read, but rarely anything in my INBOX. However, I sell email services to "real people" and very few of them can properly operate the anti-spam functions (it says "on" or "off"...), let alone rig all the code up and build their own spam filters if I hadn't provided all these functions for them. My 2p is spent trying to defend all those people who aren't computer nerds like me....

Ed W

I've got to agree with Morbus.

I HATE spam, not just for the annoyance of finding it in my inbox, but even more for the way it is causing various sysadmins to enact measures which, taken to the extreme, will destroy the value of email. The tools are available to deal with it quite effectively at the recipient's end, preferably at the client, or at least at the user's mail server.

Obscuring e-mail addresses isn't the answer, neither are draconian measures such as isps using blackhole lists to outright reject email from 'suspicious' sources. Filter, yes, but block no. My isp throws away email from any servers on various blackhole lists, which contain at various times the servers which forward mail from yahoo groups, or sourceforge mailing lists' etc. I've had to set up my own mail server so that I can participate in these mailing lists in such a way that I can censor them instead of my isp. No amount of explaining that they are throwing away legitimate e-mails for their clients seems to get through to many isps.

And since the original poster was complaining about spam to his gmail account, he should be able to take solace in the fact that gmail seems to have the best spam filtering (not blocking) which I've seen. I've been using gmail for a year or more, and it has had an astonishingly high batting average both for correctly finding spam, but also for not marking innocent email as spam. I think that I've only had something like two incoming emails wrongly tagged as spam to my gmail account, and a similar small number of real spam getting through.