|
|
Boost : |
From: Andreas Huber (ah2003_at_[hidden])
Date: 2004-07-03 08:33:57
Dear Boosters
What follows is OT, but since this post discusses a problem that I expect to
hit boost contributors especially hard I think it is ok to post it here. If
not, please let me know.
**** lengthy obfuscation rationale begin ****
Spammers routinely harvest email addresses from web pages and newsgroups.
Viruses scan harddisks to find email addresses of potential new victims.
Spammers have even started to use special viruses to install backdoors on
computers and then later hijack the infected machines to send their junk to
the email addresses found on the harddisk (see e.g.
http://tinyurl.com/35usd).
Boost contributors are especially vulnerable as their email address is
published on the boost website and on the boost list. Moreover, their email
address can be found on the harddisks of the thousands of people who use the
boost distribution.
Despite these vulnerabilities, very few obfuscate their address on the list
and in the 1.31 distribution (I don't do so yet, either). Sure, virus
scanners and spam filters alleviate the problem but they can never fully
solve it. Spammers have become very sophisticated in making their junk pass
filters. Although I'm employing multiple spam/virus filters (spamcop, gmx,
yahoo) I'm currently getting about 10 unsolicited messages per day (up from
about 3 per day a year ago) and I'm concerned what will happen once my
address is stored on thousands of hard drives when/if my library is accepted
into boost. Sure, I could simply disable my throw-away address and publish a
new one as soon as spam/virus levels become unbearable but that also
immediately cuts off users who have downloaded the distribution. Plus, this
solves the problem only temporarily.
So, the only real solution to considerably reduce email junk is to thwart
automatic harvest and thus to obfuscate email addresses. I realize that even
this offers no guarantee for not receiving spam/viruses as someone sending
me email will often have my unobfuscated email address on his/her hard drive
but it definitely reduces the number of locations where my address can be
harvested considerably.
**** lengthy obfuscation rationale end ****
Questions:
1. How do other contributors deal with spam/viruses clogging up their
in-boxes? Am I worrying about something that will never be a big deal?
2. What do other people think about a voluntary boost standard for
obfuscating email addresses published in posts, docs & code?
3. If you think 2. is a good idea then what is a good way to obfuscate email
addresses? Is the simple <at> & <dot> approach sufficient or do we need
something that is less common (and thus prone to automation)? E.g.
WHATah2003EVER_at_[hidden] with a remark to remove all capital letters?
Regards,
Andreas
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk