On Sun, Nov 30, 2008 at 04:03:13PM -0000, John Levine wrote:
Do you think the bad guys are specifically trolling for lists, or is
it just that the IETF had unredacted online archives for a long time?
That's a fascinating question, and I have no idea of either of those
are the answer -- or whether some other factor is in play, or perhaps
multiple factors.
But one thing I'm more sure of every year is that there is less and less
reason to worry about redacting or obfuscating addresses. Spammers now
have so many ways of harvesting them [1] that it's pointless to try to
stop them. (And redacting the archives of publicly-available mailing
lists is futile, since spammers can simply subscribe and harvest all
incoming traffic. Similar for any Usenet archive, since newsfeeds
aren't all that scarce/expensive.)
I think the best course is to presume that any email address that's
used to originate traffic will eventually end up in spammers' hands
and plan defenses accordingly.
---Rsk
[1] Including searching the contents of any compromised system, including
any removable media and/or inspecting network traffic visible to it.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg