On Jan 1, 2004, at 1:15 PM, Williams, Travis L, NEO wrote:
Some method should be provided to obfuscate an address.. I'm not
sure how smart the harvesters are but maybe a couple of different
methods should be done in a round robin fashion so they can't just
anything you can programmatically obfuscate they can (and are)
programmatically de-obfuscating. Slashdot tried that, and it failed
miserably. Took the spammers about a week to deal with it.
Answer: no email address should be visible to an unauthenticated user.
Period. What might have been okay five years ago isn't any more. A
public, unprotected archive hands your users email addresses to google,
who hands them to the spammers.
Now, should MHonarc do this? depends on your strategy. My strategy is
to output all archives through a web tool that strips data on the fly,
so that authenticated users can get the full info while still
protecting data from guest access. Since I expect the data that will
need to be protected will change over time, I want that protecting in
the output tool, not the archiving tool -- so I can change it on the
fly without having to go back and rebuild the archives.
Other things that need to be protected: social security (or other
national ID) numbers and phone numbers. neither should be distributed
to non-authenticated (I.e: I know who you are) users. And we shouldn't
assume either of those are US centric, of course.
But if you don't strip email addresses from open archives, you've
handed them to the spammers. That is not, I don't believe, what your
users expected when they subscribed to your mail list.
(I worry about stuff like this for a living...)