Trolltech Home | Qt-interest Home | Recent Threads | All Threads | Author | Date
All threads index page 4

Qt-interest Archive, July 2004
mailinglist: archives have email address scrambled; newsgroup has not! Please change!

• Subject: mailinglist: archives have email address scrambled; newsgroup has not! Please change!
• From: Rob Lahaye <lahaye@xxxxxxxxx>
• Date: Mon, 12 Jul 2004 15:48:05 +0900
• To: qt-interest@xxxxxxxxxxxxx, info@xxxxxxxxxxxxx

Hello,

I just joined the qt-interest disussions and I am worried about following:

For sending emails to qt-interest, I need to supply a legitimate email
address to subscribe. After that, all my emails to the list are automatically
forwarded to the corresponding newsgroup without scrambling my email
address.

The newsgroup is publicly accessible and can thus be abused by spam
generators to collect easily many legitimate email addresses.

-----

Since email scrambling is performed on the archives of the mailinglist,
I assume Trolltech is aware of such abuse. However, the scrambling of
email addresses is not done for the newsgroup and this is even easier
to abuse.

Is it possible to also scramble the email addresses that are forwarded
to the newsgroup? This would improve security against spammers a lot.

Thanks,
Rob.

• Subject: Re: mailinglist: archives have email address scrambled; newsgroup has not! Please change!
• From: Rob Lahaye <lahaye@xxxxxxxxx>
• Date: Mon, 12 Jul 2004 16:28:02 +0900
• To: André Somers <a.t.somers@xxxxxxxxxxxxxxxxxx>, qt-interest@xxxxxxxxxxxxx

André Somers wrote:
> Hi,
> 
> 
>>For sending emails to qt-interest, I need to supply a legitimate email
>>address to subscribe. After that, all my emails to the list are
>>automatically forwarded to the corresponding newsgroup without scrambling
>>my email address.
>>
>>The newsgroup is publicly accessible and can thus be abused by spam
>>generators to collect easily many legitimate email addresses.
> 
> Well, the list itself is publicly accessable too! To proove the point, I have 
> send this message to your personal address too. 

Yes, I agree there's also more to say about how qt handles the mailinglists.
Slightly better mailinglists do not simply subscribe upon the first email,
but require a confirmation by a second email.

Of course, a spammer who wants to do a little more manual labor, can gather
email addresses from anywhere, by subscribing to anything. Question is where
to draw the line.

I would prefer a more radical solution: all personal email addresses to the
mailinglist must be scrambled, which will force everyone to communicate with
each other via the mailinglist (which is the only known email address).
If you need somebody's personal email address, you must ask for that
via the mailinglist, although generally there is not much need for that.

All this is easy to setup and will prevent the more-or-less free access for
spammers to a great source of legitimate email addresses.

To make my point: there was no need for you to send your reply to my personal
email address. I would have got it via the mailinglist or found it on the
newsgroup. Also, I do not need to send my reply to your personal email address.
It is sufficient to let us communicate via the mailinglist and/or newsgroup,
without knowing each others personal email addresses.
For me this concept is so simple :).

Regards,
Rob.

• Subject: Re: mailinglist: archives have email address scrambled; newsgroup has not! Please change!
• From: Paul Floyd <paulf@xxxxxxx>
• Date: Mon, 12 Jul 2004 10:05:31 +0200
• To: qt-interest@xxxxxxxxxxxxx

Quoting Rob Lahaye <lahaye@snu.ac.kr>:

[snip]

> Yes, I agree there's also more to say about how qt handles the mailinglists.
> Slightly better mailinglists do not simply subscribe upon the first email,
> but require a confirmation by a second email.
> 
> Of course, a spammer who wants to do a little more manual labor, can gather
> email addresses from anywhere, by subscribing to anything. Question is where
> to draw the line.
> 
> I would prefer a more radical solution: all personal email addresses to the
> mailinglist must be scrambled, which will force everyone to communicate with
> each other via the mailinglist (which is the only known email address).
> If you need somebody's personal email address, you must ask for that
> via the mailinglist, although generally there is not much need for that.

Indeed. Some mailing list software also allow you to send a mail to the
listserver to query the people that are subscribed, and subscribers can choose
to not have their names show up in the requested lists.

> To make my point: there was no need for you to send your reply to my
> personal
> email address.

That reminds me of the dumb configuration of qt-interest. Every other mailing
list that I have ever used has reply-to-list configured, whilst qt-interest is
configured for reply-to-sender. Perhaps this is one of those modern things like
top posting that OE lusers like.

A+
Paul

• Subject: Re: mailinglist: archives have email address scrambled; newsgroup has not! Please change!
• From: <Rainer.Wiesenfarth@xxxxxxxx>
• Date: Mon, 12 Jul 2004 09:40:28 +0200
• Thread-index: AcRn4nylRpB3yjk8ShOKfFQhzbz1CwAADgiQ
• Thread-topic: mailinglist: archives have email address scrambled; newsgroup has not! Please change!
• To: <qt-interest@xxxxxxxxxxxxx>

From: Rob Lahaye [mailto:lahaye@snu.ac.kr]
> (...)
> I would prefer a more radical solution: all personal email 
> addresses to the mailinglist must be scrambled, which will
> force everyone to communicate with each other via the
> mailinglist (which is the only known email address).
> If you need somebody's personal email address, you must ask
> for that via the mailinglist, although generally there is
> not much need for that.
> (...)

But in this case at least one address would be in the message, so spammers would get it. Ok, the number of known adresses would decrease, but it would not solve the problem.

BTW: Scrambling fails when using PGP, as it modifies the signature which is then no longer detected by the scrambler. Just in case someone at Trolltech would like to fix this ...

Best Regards / Mit freundlichen Grüßen
Rainer Wiesenfarth

-- 
 [ signature omitted ] 

• Subject: Re: mailinglist: archives have email address scrambled; newsgroup has not! Please change!
• From: Sylviane & Perry White <spwhite@xxxxxxxxxxx>
• Date: Mon, 12 Jul 2004 19:30:31 +0200
• To: Qt interest <qt-interest@xxxxxxxxxxxxx>

Hi all,

The drawback of having pratically ALL the mail going throuh the list has to be 
evaluated. I sometimes answer "off-list" to beginner's questions which have 
been answered times and again in the archives and probably others do that.

Perry

• Subject: RE: mailinglist: archives have email address scrambled; newsgroup has not! Please change!
• From: Chris Smith <Chris.Smith@xxxxxxxxxxxx>
• Date: Mon, 12 Jul 2004 08:49:37 +0100
• Return-receipt-to: "Chris Smith" <Chris.Smith@tfbplc.co.uk>
• To: qt-interest@xxxxxxxxxxxxx

Rob Lahaye wrote:
>
>I would prefer a more radical solution: all personal email
>addresses to the mailinglist must be scrambled, which will
>force everyone to communicate with each other via the 
>mailinglist (which is the only known email address).
>If you need somebody's personal email address, you must
>ask for that via the mailinglist, although generally there
>is not much need for that.
>
>All this is easy to setup and will prevent the more-or-less
>free access for spammers to a great source of legitimate
>email addresses.

If it bothers you that much, you can always subscribe with two addresses:
your legitimate address and a throwaway Hotmail address; you read the list
with your legitimate account and post using the throwaway address.

Chris
--
 [ signature omitted ]