From owner-freebsd-bugbusters@FreeBSD.ORG Sun Feb 15 02:14:42 2004 Return-Path: Delivered-To: freebsd-bugbusters@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E72516A4CE for ; Sun, 15 Feb 2004 02:14:42 -0800 (PST) Received: from grunt24.ihug.com.au (grunt24.ihug.com.au [203.109.249.144]) by mx1.FreeBSD.org (Postfix) with ESMTP id E51C543D1D for ; Sun, 15 Feb 2004 02:14:41 -0800 (PST) (envelope-from murray_baker@ihug.com.au) Received: from p16-max2.syd.ihug.com.au (peroxide) [203.173.155.80] by grunt24.ihug.com.au with smtp (Exim 3.35 #1 (Debian)) id 1AsJIN-0007pn-00; Sun, 15 Feb 2004 21:14:40 +1100 Message-Id: <3.0.3.32.20040215211107.009dde20@pop.ihug.com.au> X-Sender: murray_baker@pop.ihug.com.au X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.3 (32) Date: Sun, 15 Feb 2004 21:11:07 +1100 To: bugbusters@FreeBSD.org From: Murray Baker Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: i386/62382: Web access to PRs enables harvest email addresses for spamming. X-BeenThere: freebsd-bugbusters@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Coordination of the Problem Report handling effort. List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Feb 2004 10:14:42 -0000 Hi, See PR ``i386/62382''. http://www.freebsd.org/cgi/query-pr.cgi?pr=62382 Within days of submitting the update to ''i386/62382'', which has been appended to the original PR with my unmodified email address exposed, I have my first ever spams to this email address. Is this a coincidence? I know that this is a real pain, but I suggest that if email addresses are to be visible on web, they should be rendered into 'gif' or 'png' and the html then reference the bitmap. Bitmaps should use different fonts, colors, backgrounds to discourage ocr software. ``gfont-1.0.2'' will do some of the job. http://www.FreeBSD.org/cgi/url.cgi?ports/graphics/gfont/pkg-descr Examples at gfont homepage. http://www.engelschall.com/sw/gfont/example/ How many email addresses can be harvested from the complete set of PRs? http://www.freebsd.org/cgi/query-pr-summary.cgi My only defense against spam is to change email addresses frequently. Cheers, Murray. From owner-freebsd-bugbusters@FreeBSD.ORG Sun Feb 15 03:00:56 2004 Return-Path: Delivered-To: freebsd-bugbusters@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 864F816A4CE for ; Sun, 15 Feb 2004 03:00:56 -0800 (PST) Received: from arthur.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C27743D1F for ; Sun, 15 Feb 2004 03:00:56 -0800 (PST) (envelope-from simon@arthur.nitro.dk) Received: by arthur.nitro.dk (Postfix, from userid 3000) id E8BBD1183E; Sun, 15 Feb 2004 12:00:54 +0100 (CET) Date: Sun, 15 Feb 2004 12:00:54 +0100 From: "Simon L. Nielsen" To: Murray Baker Message-ID: <20040215110053.GB722@arthur.nitro.dk> References: <3.0.3.32.20040215211107.009dde20@pop.ihug.com.au> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ZoaI/ZTpAVc4A5k6" Content-Disposition: inline In-Reply-To: <3.0.3.32.20040215211107.009dde20@pop.ihug.com.au> User-Agent: Mutt/1.5.5.1i cc: bugbusters@FreeBSD.org Subject: Re: i386/62382: Web access to PRs enables harvest email addresses for spamming. X-BeenThere: freebsd-bugbusters@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Coordination of the Problem Report handling effort. List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Feb 2004 11:00:56 -0000 --ZoaI/ZTpAVc4A5k6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2004.02.15 21:11:07 +1100, Murray Baker wrote: > See PR ``i386/62382''. > http://www.freebsd.org/cgi/query-pr.cgi?pr=3D62382 >=20 > Within days of submitting the update to ''i386/62382'', which has been > appended to the original PR with my unmodified email address exposed, I > have my first ever spams to this email address. Is this a coincidence? Probably not, but was it spam or the regular worm for the day virus mail? The worm mails are probably from windows users on the FreeBSD mailing lists with worms infested computers. > I know that this is a real pain, but I suggest that if email addresses > are to be visible on web, they should be rendered into 'gif' or 'png' > and the html then reference the bitmap. Bitmaps should use different > fonts, colors, backgrounds to discourage ocr software. As said several times before the GNATS database is mirrored around on all FreeBSD mirrors and all the PR's sent to public mailing lists, so hiding the email addresse on the web probably doesn't change much. If it's obscufated everywhere it will make it harder for the people who need to contact a PR submitter (which very likely will mean people just won't bother contacting a submitter if it's to much trouble). > My only defense against spam is to change email addresses frequently. Have you considered installing anti spam software like spamassasin? It catches almost all my spam (and I probably get a few hundred spam mails per day, and one or two a week get through the filters). Yes spam sucks, but personally I don't belive hiding/obfuscating works. I won't object if somebody changes the gnats webinterface to obfuscate email address, but I'm not going to do it myself, since I just don't belive it work. --=20 Simon L. Nielsen FreeBSD Documentation Team --ZoaI/ZTpAVc4A5k6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFAL1Flh9pcDSc1mlERAuKHAKCUs7ewvIVJrxdPc7doZcEJgU8cRgCfS29v HQQDBOzdwrGTTtzEs9ZOkZ0= =8LnS -----END PGP SIGNATURE----- --ZoaI/ZTpAVc4A5k6--