Spam prevention

Spam prevention

[Richard Stallman]

Do people think this is worth even trying?
Are address harvesters still blocked by such simple things?

To: bug-gnu-emacs@gnu.org
From: jari.aalto@poboxes.com (Jari Aalto+mail.linux)
Organization: Private
Date: Sun, 04 Apr 2004 17:06:07 +0300
Subject: [patch] 21.3 add-log.el::add-log-mailing-address security (spam)
Sender: bug-gnu-emacs-bounces+rms=gnu.org@gnu.org


The following change will help selecting more appropriate default for
displayed identity in ChangeLogs. This helps fighting against spam
harversters by not letting then simply rip out all that looks like
"@". This is naturally tip of the iceberg, but I believe any measure
to improve security should be included in Emacs as well.

2004-04-04  Jari Aalto  <jari dot aalto _A@T_ poboxes dot com>

	* add-log.el (add-log-mailing-address): Refer to
	`add-log-user-mail-address' and suggest email 
	addrress that prevents spam.
	(add-log-user-mail-address): New. Spam protect
	`user-mail-address'.
	(add-change-log-entry): Use `add-log-user-mail-address'.

Index: add-log.el
===================================================================
RCS file: /cygdrive/h/data/version-control/cvsroot/emacs/gnu-emacs/lisp213/add-log.el,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -IId: -c -r1.1 -r1.2
cvs diff: conflicting specifications of output style
*** add-log.el	26 Jun 2003 18:06:05 -0000	1.1
--- add-log.el	4 Apr 2004 14:00:16 -0000	1.2
***************
*** 68,74 ****
  ;;;###autoload
  (defcustom add-log-mailing-address nil
    "*Electronic mail address of user, for inclusion in ChangeLog daily headers.
! This defaults to the value of `user-mail-address'."
    :type '(choice (const :tag "Default" nil)
  		 string)
    :group 'change-log)
--- 68,79 ----
  ;;;###autoload
  (defcustom add-log-mailing-address nil
    "*Electronic mail address of user, for inclusion in ChangeLog daily headers.
! This defaults to the value of function `add-log-user-mail-address'.
! If you set this yourself, consider using some Spam protected email format, 
! which could be: 
! 
!     john.doe _A T_ example.com
!     john DOT doe _AT_ example DOT com"
    :type '(choice (const :tag "Default" nil)
  		 string)
    :group 'change-log)
***************
*** 400,405 ****
--- 405,418 ----
  	  (file-name-sans-versions buffer-file)
  	buffer-file))))
  
+ (defun add-log-user-mail-address ()
+   "Return protected version of `user-rmail-address'."
+   (and (stringp user-mail-address)
+        (string-match "@" user-mail-address)
+        ;;  ' AT ' is too common, so use something else to 
+        ;;  make Unsolicited bulk email (spam) harvester's work harder.
+        (replace-match " _A T_ " nil nil user-mail-address)))
+ 
  ;;;###autoload
  (defun add-change-log-entry (&optional whoami file-name other-window new-entry)
    "Find change log file and add an entry for today.
***************
*** 419,425 ****
    (or add-log-full-name
        (setq add-log-full-name (user-full-name)))
    (or add-log-mailing-address
!       (setq add-log-mailing-address user-mail-address))
    (if whoami
        (progn
  	(setq add-log-full-name (read-input "Full name: " add-log-full-name))
--- 432,439 ----
    (or add-log-full-name
        (setq add-log-full-name (user-full-name)))
    (or add-log-mailing-address
!       (setq add-log-mailing-address 
! 	    (add-log-user-mail-address)))
    (if whoami
        (progn
  	(setq add-log-full-name (read-input "Full name: " add-log-full-name))





-- 
http://tiny-tools.sourceforge.net/
Swatch @time   http://www.mir.com.my/iTime/itime.htm
               http://www.ryanthiessen.com/swatch/resources.htm
Use Licenses!  http://www.linuxjournal.com/article.php?sid=6225
Which Licence? http://www.linuxjournal.com/article.php?sid=4825
OSI Licences   http://www.opensource.org/licenses/



_______________________________________________
Bug-gnu-emacs mailing list
Bug-gnu-emacs@gnu.org
http://mail.gnu.org/mailman/listinfo/bug-gnu-emacs

Re: Spam prevention

[Stefan Monnier]

> Do people think this is worth even trying?

I certainly don't.

> Are address harvesters still blocked by such simple things?

Are do they really bother to read ChangeLog files?


        Stefan

Re: Spam prevention

[John Wiegley]

no-spam@cua.dk (Kim F. Storm) writes:

>> > Do people think this is worth even trying?
>> I certainly don't.
> Me too.

Me neither.

>> > Are address harvesters still blocked by such simple things?
>> Are do they really bother to read ChangeLog files?
> You never know -- but it's definitely too late anyway.

I really doubt it will make even a dent in my SPAM flow.  And can't
people just customize "user-mail-address" itself, if they really care?

John

Re: Spam prevention

[Miles Bader]

On Mon, Apr 05, 2004 at 04:04:32AM +0200, Kim F. Storm wrote:
> > > Do people think this is worth even trying?
> > I certainly don't.
> Me too.

Agreed, that kind of obfuscation is often more annoying than it is helpful,
and I think this is one such case.

I also object to it out of principle -- I don't want to add gross hacks all
over the place because of idiots like spammers, and I find that conventional
spam filtering seems to work well enough that it's not really necessary (I've
_never_ obfuscated my email address, and have been using the same widely
exposed address many many years, but spam is nothing more than a minor
background irritation).

-Miles
-- 
Quidquid latine dictum sit, altum viditur.

Re: Spam prevention

[Stefan Monnier]

> I also object to it out of principle -- I don't want to add gross hacks all
> over the place because of idiots like spammers, and I find that conventional
> spam filtering seems to work well enough that it's not really necessary (I've
> _never_ obfuscated my email address, and have been using the same widely
> exposed address many many years, but spam is nothing more than a minor
> background irritation).

More to the point: people I know who obfuscate their email address get about
as much spam as I do.  Spammers seem to get their list of email from many
more places than newsgroups and web pages.


        Stefan

Re: Spam prevention

[Kim F. Storm]

Stefan Monnier <monnier@iro.umontreal.ca> writes:

> > Do people think this is worth even trying?
> 
> I certainly don't.

Me too.

> 
> > Are address harvesters still blocked by such simple things?
> 
> Are do they really bother to read ChangeLog files?

You never know -- but it's definitely too late anyway.

-- 
Kim F. Storm  http://www.cua.dk

Re: Spam prevention

[Eli Zaretskii]

> From: Stefan Monnier <monnier@iro.umontreal.ca>
> Date: 04 Apr 2004 19:52:04 -0400
> 
> > Are address harvesters still blocked by such simple things?
> 
> Are do they really bother to read ChangeLog files?

I think you can easily reach the ChangeLog's via Google and other
engines, since there's a Web interface to CVS.

But I also don't think it's a good idea to install this change, as it
will annoy us as well.

Re: Spam prevention

[Stefan Monnier]

>> > Are address harvesters still blocked by such simple things?
>> Are do they really bother to read ChangeLog files?
> I think you can easily reach the ChangeLog's via Google and other
> engines, since there's a Web interface to CVS.

[ It seems that Google does not index this part of savannah. ]
But then the same applies to all files in CVS, not just ChangeLog.

> But I also don't think it's a good idea to install this change, as it
> will annoy us as well.

For one thing add-log.el's font-lock regexps assume the presence of a @.


        Stefan

Re: Spam prevention

[Marcelo Toledo]

I think the same way the spam bot searchs for @ it can search for _A@T_
or anything else, also, if it was dynamic with random formats it would
be better, but the author of the bot could simply grab our source and
update his bot with all the formats.

IMHO this change will not help spam prevention.

Richard Stallman <rms@gnu.org> writes:

> Do people think this is worth even trying?
> Are address harvesters still blocked by such simple things?
>
> To: bug-gnu-emacs@gnu.org
> From: jari.aalto@poboxes.com (Jari Aalto+mail.linux)
> Organization: Private
> Date: Sun, 04 Apr 2004 17:06:07 +0300
> Subject: [patch] 21.3 add-log.el::add-log-mailing-address security (spam)
> Sender: bug-gnu-emacs-bounces+rms=gnu.org@gnu.org
>
>
> The following change will help selecting more appropriate default for
> displayed identity in ChangeLogs. This helps fighting against spam
> harversters by not letting then simply rip out all that looks like
> "@". This is naturally tip of the iceberg, but I believe any measure
> to improve security should be included in Emacs as well.
-- 
Marcelo Toledo
marcelo@marcelotoledo.org
http://www.marcelotoledo.org
Mobile: 55 71 9141-7181