[Full-Disclosure] Re: mailman email harvester

["Dave Korn" <davek_throwaway@xxxxxxxxxxx>]

"Bernhard Kuemel" <bernhard@xxxxxxxx> wrote in message
news:4207F04C.2010403@xxxxxxxxxxx
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi!
>
> Tons of email addresses from mailman mailing lists are vulnerable to
> be collected by spammers.
>
> They are "protected" by obfuscation (user@xxxxxxxxxxx -> user at
> example.com) and access to the subscriber list can be restricted to
> subscribers. The obfuscation is trivially reversed and harvester
> scripts can subscribe to gain access to restricted lists.

  Yes, but no spammers actually do so.  For experimental proof of this
claim,

http://www.cdt.org/speech/spam/030319spamreport.shtml

" But none of the addresses that were obscured, whether in "human-readable"
or "HTML-obscured" form, received a single piece of spam, leading us to
conclude that e-mail address "harvesters" are not presently capable of
collecting such addresses. While this may change as time passes and
technology develops, for the time being it appears that obscuring an e-mail
address is an effective means of avoiding spam. "

  The harvesters don't bother because there are so many un-obfuscated email
addresses out there, enough to keep them busy for a lifetime of spamming,
anyway.

> An improved version that collects addresses that are restricted to
> subscribers, processes more lists and works more parallelized is
> planned.

  Why?  You hoping to sell it to spammers?  Obfuscating *works*; if YOU
break it, that makes YOU a spamming motherfucker.  Why don't you go fuck
yourself instead?

  Oh, and by the way

<bernhard@xxxxxxxx>
<bernhard@xxxxxxxx>
<bernhard@xxxxxxxx>
<bernhard@xxxxxxxx>
<bernhard@xxxxxxxx>
<bernhard@xxxxxxxx>
<bernhard@xxxxxxxx>
<bernhard@xxxxxxxx>



    drop dead,
      DaveK
-- 
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html