* Spam prevention
@ 2004-04-04 23:39 Richard Stallman
2004-04-04 23:52 ` Stefan Monnier
2004-04-05 22:56 ` Marcelo Toledo
0 siblings, 2 replies; 9+ messages in thread
From: Richard Stallman @ 2004-04-04 23:39 UTC (permalink / raw)
Do people think this is worth even trying?
Are address harvesters still blocked by such simple things?
To: bug-gnu-emacs@gnu.org
From: jari.aalto@poboxes.com (Jari Aalto+mail.linux)
Organization: Private
Date: Sun, 04 Apr 2004 17:06:07 +0300
Subject: [patch] 21.3 add-log.el::add-log-mailing-address security (spam)
Sender: bug-gnu-emacs-bounces+rms=gnu.org@gnu.org
The following change will help selecting more appropriate default for
displayed identity in ChangeLogs. This helps fighting against spam
harversters by not letting then simply rip out all that looks like
"@". This is naturally tip of the iceberg, but I believe any measure
to improve security should be included in Emacs as well.
2004-04-04 Jari Aalto <jari dot aalto _A@T_ poboxes dot com>
* add-log.el (add-log-mailing-address): Refer to
`add-log-user-mail-address' and suggest email
addrress that prevents spam.
(add-log-user-mail-address): New. Spam protect
`user-mail-address'.
(add-change-log-entry): Use `add-log-user-mail-address'.
Index: add-log.el
===================================================================
RCS file: /cygdrive/h/data/version-control/cvsroot/emacs/gnu-emacs/lisp213/add-log.el,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -IId: -c -r1.1 -r1.2
cvs diff: conflicting specifications of output style
*** add-log.el 26 Jun 2003 18:06:05 -0000 1.1
--- add-log.el 4 Apr 2004 14:00:16 -0000 1.2
***************
*** 68,74 ****
;;;###autoload
(defcustom add-log-mailing-address nil
"*Electronic mail address of user, for inclusion in ChangeLog daily headers.
! This defaults to the value of `user-mail-address'."
:type '(choice (const :tag "Default" nil)
string)
:group 'change-log)
--- 68,79 ----
;;;###autoload
(defcustom add-log-mailing-address nil
"*Electronic mail address of user, for inclusion in ChangeLog daily headers.
! This defaults to the value of function `add-log-user-mail-address'.
! If you set this yourself, consider using some Spam protected email format,
! which could be:
!
! john.doe _A T_ example.com
! john DOT doe _AT_ example DOT com"
:type '(choice (const :tag "Default" nil)
string)
:group 'change-log)
***************
*** 400,405 ****
--- 405,418 ----
(file-name-sans-versions buffer-file)
buffer-file))))
+ (defun add-log-user-mail-address ()
+ "Return protected version of `user-rmail-address'."
+ (and (stringp user-mail-address)
+ (string-match "@" user-mail-address)
+ ;; ' AT ' is too common, so use something else to
+ ;; make Unsolicited bulk email (spam) harvester's work harder.
+ (replace-match " _A T_ " nil nil user-mail-address)))
+
;;;###autoload
(defun add-change-log-entry (&optional whoami file-name other-window new-entry)
"Find change log file and add an entry for today.
***************
*** 419,425 ****
(or add-log-full-name
(setq add-log-full-name (user-full-name)))
(or add-log-mailing-address
! (setq add-log-mailing-address user-mail-address))
(if whoami
(progn
(setq add-log-full-name (read-input "Full name: " add-log-full-name))
--- 432,439 ----
(or add-log-full-name
(setq add-log-full-name (user-full-name)))
(or add-log-mailing-address
! (setq add-log-mailing-address
! (add-log-user-mail-address)))
(if whoami
(progn
(setq add-log-full-name (read-input "Full name: " add-log-full-name))
--
http://tiny-tools.sourceforge.net/
Swatch @time http://www.mir.com.my/iTime/itime.htm
http://www.ryanthiessen.com/swatch/resources.htm
Use Licenses! http://www.linuxjournal.com/article.php?sid=6225
Which Licence? http://www.linuxjournal.com/article.php?sid=4825
OSI Licences http://www.opensource.org/licenses/
_______________________________________________
Bug-gnu-emacs mailing list
Bug-gnu-emacs@gnu.org
http://mail.gnu.org/mailman/listinfo/bug-gnu-emacs
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Spam prevention
2004-04-04 23:39 Spam prevention Richard Stallman
@ 2004-04-04 23:52 ` Stefan Monnier
2004-04-05 2:04 ` Kim F. Storm
2004-04-05 9:11 ` Eli Zaretskii
2004-04-05 22:56 ` Marcelo Toledo
1 sibling, 2 replies; 9+ messages in thread
From: Stefan Monnier @ 2004-04-04 23:52 UTC (permalink / raw)
Cc: emacs-devel
> Do people think this is worth even trying?
I certainly don't.
> Are address harvesters still blocked by such simple things?
Are do they really bother to read ChangeLog files?
Stefan
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Spam prevention
2004-04-05 2:04 ` Kim F. Storm
@ 2004-04-05 0:28 ` John Wiegley
2004-04-05 1:32 ` Miles Bader
1 sibling, 0 replies; 9+ messages in thread
From: John Wiegley @ 2004-04-05 0:28 UTC (permalink / raw)
no-spam@cua.dk (Kim F. Storm) writes:
>> > Do people think this is worth even trying?
>> I certainly don't.
> Me too.
Me neither.
>> > Are address harvesters still blocked by such simple things?
>> Are do they really bother to read ChangeLog files?
> You never know -- but it's definitely too late anyway.
I really doubt it will make even a dent in my SPAM flow. And can't
people just customize "user-mail-address" itself, if they really care?
John
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Spam prevention
2004-04-05 2:04 ` Kim F. Storm
2004-04-05 0:28 ` John Wiegley
@ 2004-04-05 1:32 ` Miles Bader
2004-04-05 1:41 ` Stefan Monnier
1 sibling, 1 reply; 9+ messages in thread
From: Miles Bader @ 2004-04-05 1:32 UTC (permalink / raw)
Cc: emacs-devel, Stefan Monnier, rms
On Mon, Apr 05, 2004 at 04:04:32AM +0200, Kim F. Storm wrote:
> > > Do people think this is worth even trying?
> > I certainly don't.
> Me too.
Agreed, that kind of obfuscation is often more annoying than it is helpful,
and I think this is one such case.
I also object to it out of principle -- I don't want to add gross hacks all
over the place because of idiots like spammers, and I find that conventional
spam filtering seems to work well enough that it's not really necessary (I've
_never_ obfuscated my email address, and have been using the same widely
exposed address many many years, but spam is nothing more than a minor
background irritation).
-Miles
--
Quidquid latine dictum sit, altum viditur.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Spam prevention
2004-04-05 1:32 ` Miles Bader
@ 2004-04-05 1:41 ` Stefan Monnier
0 siblings, 0 replies; 9+ messages in thread
From: Stefan Monnier @ 2004-04-05 1:41 UTC (permalink / raw)
Cc: emacs-devel, rms, Kim F. Storm
> I also object to it out of principle -- I don't want to add gross hacks all
> over the place because of idiots like spammers, and I find that conventional
> spam filtering seems to work well enough that it's not really necessary (I've
> _never_ obfuscated my email address, and have been using the same widely
> exposed address many many years, but spam is nothing more than a minor
> background irritation).
More to the point: people I know who obfuscate their email address get about
as much spam as I do. Spammers seem to get their list of email from many
more places than newsgroups and web pages.
Stefan
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Spam prevention
2004-04-04 23:52 ` Stefan Monnier
@ 2004-04-05 2:04 ` Kim F. Storm
2004-04-05 0:28 ` John Wiegley
2004-04-05 1:32 ` Miles Bader
2004-04-05 9:11 ` Eli Zaretskii
1 sibling, 2 replies; 9+ messages in thread
From: Kim F. Storm @ 2004-04-05 2:04 UTC (permalink / raw)
Cc: rms, emacs-devel
Stefan Monnier <monnier@iro.umontreal.ca> writes:
> > Do people think this is worth even trying?
>
> I certainly don't.
Me too.
>
> > Are address harvesters still blocked by such simple things?
>
> Are do they really bother to read ChangeLog files?
You never know -- but it's definitely too late anyway.
--
Kim F. Storm http://www.cua.dk
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Spam prevention
2004-04-04 23:52 ` Stefan Monnier
2004-04-05 2:04 ` Kim F. Storm
@ 2004-04-05 9:11 ` Eli Zaretskii
2004-04-05 20:26 ` Stefan Monnier
1 sibling, 1 reply; 9+ messages in thread
From: Eli Zaretskii @ 2004-04-05 9:11 UTC (permalink / raw)
Cc: emacs-devel
> From: Stefan Monnier <monnier@iro.umontreal.ca>
> Date: 04 Apr 2004 19:52:04 -0400
>
> > Are address harvesters still blocked by such simple things?
>
> Are do they really bother to read ChangeLog files?
I think you can easily reach the ChangeLog's via Google and other
engines, since there's a Web interface to CVS.
But I also don't think it's a good idea to install this change, as it
will annoy us as well.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Spam prevention
2004-04-05 9:11 ` Eli Zaretskii
@ 2004-04-05 20:26 ` Stefan Monnier
0 siblings, 0 replies; 9+ messages in thread
From: Stefan Monnier @ 2004-04-05 20:26 UTC (permalink / raw)
Cc: emacs-devel
>> > Are address harvesters still blocked by such simple things?
>> Are do they really bother to read ChangeLog files?
> I think you can easily reach the ChangeLog's via Google and other
> engines, since there's a Web interface to CVS.
[ It seems that Google does not index this part of savannah. ]
But then the same applies to all files in CVS, not just ChangeLog.
> But I also don't think it's a good idea to install this change, as it
> will annoy us as well.
For one thing add-log.el's font-lock regexps assume the presence of a @.
Stefan
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Spam prevention
2004-04-04 23:39 Spam prevention Richard Stallman
2004-04-04 23:52 ` Stefan Monnier
@ 2004-04-05 22:56 ` Marcelo Toledo
1 sibling, 0 replies; 9+ messages in thread
From: Marcelo Toledo @ 2004-04-05 22:56 UTC (permalink / raw)
I think the same way the spam bot searchs for @ it can search for _A@T_
or anything else, also, if it was dynamic with random formats it would
be better, but the author of the bot could simply grab our source and
update his bot with all the formats.
IMHO this change will not help spam prevention.
Richard Stallman <rms@gnu.org> writes:
> Do people think this is worth even trying?
> Are address harvesters still blocked by such simple things?
>
> To: bug-gnu-emacs@gnu.org
> From: jari.aalto@poboxes.com (Jari Aalto+mail.linux)
> Organization: Private
> Date: Sun, 04 Apr 2004 17:06:07 +0300
> Subject: [patch] 21.3 add-log.el::add-log-mailing-address security (spam)
> Sender: bug-gnu-emacs-bounces+rms=gnu.org@gnu.org
>
>
> The following change will help selecting more appropriate default for
> displayed identity in ChangeLogs. This helps fighting against spam
> harversters by not letting then simply rip out all that looks like
> "@". This is naturally tip of the iceberg, but I believe any measure
> to improve security should be included in Emacs as well.
--
Marcelo Toledo
marcelo@marcelotoledo.org
http://www.marcelotoledo.org
Mobile: 55 71 9141-7181
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2004-04-05 22:56 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-04-04 23:39 Spam prevention Richard Stallman
2004-04-04 23:52 ` Stefan Monnier
2004-04-05 2:04 ` Kim F. Storm
2004-04-05 0:28 ` John Wiegley
2004-04-05 1:32 ` Miles Bader
2004-04-05 1:41 ` Stefan Monnier
2004-04-05 9:11 ` Eli Zaretskii
2004-04-05 20:26 ` Stefan Monnier
2004-04-05 22:56 ` Marcelo Toledo
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).