[MLB-WIRELESS] Email address format of online mail archives

Craig Sanders cas at taz.net.au
Wed Oct 17 12:57:17 EST 2007 

On Wed, Oct 17, 2007 at 12:35:17PM +1000, Rowan 2008 wrote:
> I recently changed my outbound email address and already I'm seeing spam. 
> I have sent very few outbound emails so I suspect my address may have been 
> sourced from the melbwireless mail archives available online. Is there any 
> way to obfuscate the address further? It's currently displayed in 
> "username at domain.com" format (eg 
> http://wireless.org.au/pipermail/melbwireless/2007-September/020657.html ) 
> which isn't hard for a spam crawler program to decode...

there's little point in munging addresses. it makes some people feel a
little better but it doesn't actually achieve anything useful, and it
makes it difficult for a real person to send a private reply/question
when they're reading the archives.

spammers will get your address no matter what you do (and once they do,
it will just get onto more and more spam lists), so you're going to have
to have decent spam filtering anyway.

they don't even need to trawl the address from a web site or anything.
they randomly make them up, spam them, and don't give a damn whether the
address actually exists or not - they're not paying for the bandwidth
and they've got zombie bot networks with tens of thousands or millions
of compromised windows machines to do the spamming for them.





e.g. i've used the same email address for nearly 15 years now. my home
mail server rejects between 50,000 and 70,000 spams per week. a few
hundred more get caught by spamassassin. in a bad week, maybe a handful
get through to either my inbox or, more often, to one of my mailing list
folders.

from last week's mail logs:

79600 rejected by postfix (out of 80121 total inbound messages)

messages received by postfix and processed by SpamAssassin:
     79	spam (i.e. tagged and diverted to a spam folder)
    442	clean
    521	TOTAL

Percentages:
spam ratio      (79679/80121) 99.45%
tagged messages (79/521) 15.16%
rejected spam   (79600/79679) 99.90%


99.9% spam rejection/tagging rate is pretty good.


many of the rejected spams were sent to addresses that don't exist on
my system, never have existed, and never will exist. spammers populate
their lists with millions of bogus addresses on the off chance that the
address might exist, and because a list of 100,000,000 addresses sounds
more impressive to prospective spammer clients than a list of 1,000,000
addresses.

and it's been the same story on every mail server i've run, at work
(including for various ISPs), at home, on other mail servers i've been
contracted to build, and so on.

hiding your address doesn't work.  good spam-filtering can work.


craig

-- 
craig sanders <cas at taz.net.au>

Any priest or shaman must be presumed guilty until proved innocent.
		-- Lazarus Long

More information about the Melbwireless mailing list