[-- Attachment #1.1: Type: text/plain, Size: 1027 bytes --] Hi all, I recently sent an email on this mailing list (see https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ ) Since then, I'm receiving spams on the email address I used to send the message. After some research, it seems that this email address only appears on 2 websites, notably this orgmode.org mailing list archive. Would it be possible to configure the archive to obfuscate / hide the email addresses inorder to protect its users? According to what I understand, this list uses the "GNU mailman" software, which in turn uses "Pipermail" for the archive. From what I read in the docs (https://www.gnu.org/software/mailman/mailman-member/node40.html ), the default configuration should be that the email addresses are protected : "The HTML archives which are created by Pipermail (the archiving program which comes default with Mailman) contain only obscured addresses.". So is there a particular reason why this option has been disabled? Thanks for your feedback GM [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 236 bytes --]
Guillaume On Thu, Apr 08, 2021 at 10:29:00AM +0200, Guillaume MULLER wrote: > Hi all, > > I recently sent an email on this mailing list (see https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ ) Yes you did, and the official archive is here where the list is hosted. https://lists.gnu.org/archive/html/emacs-orgmode/2021-04/msg00184.html > Since then, I'm receiving spams on the email address I used to send the message. Welcome to the tragedy of the commons known as the Internet. > Would it be possible to configure the archive to obfuscate / hide the email addresses inorder to protect its users? We do. The GNU mailing list archive that hosts the mailing list does. I can't say regarding the other. Maybe someone else can check it. ------------------------------------------------------------------ Russell Adams RLAdams@AdamsInfoServ.com PGP Key ID: 0x1160DCB3 http://www.adamsinfoserv.com/ Fingerprint: 1723 D8CA 4280 1EC9 557F 66E8 1154 E018 1160 DCB3
On 08/04/2021 10:29, Guillaume MULLER wrote: > Hi all, > > I recently sent an email on this mailing list (see https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ ) > > Since then, I'm receiving spams on the email address I used to send the message. > > After some research, it seems that this email address only appears on 2 websites, notably this orgmode.org mailing list archive. A Google search demonstrates otherwise. > Would it be possible to configure the archive to obfuscate / hide the email addresses inorder to protect its users? In this time and age, it is not an useful anti-spam measure. It is much more likely that your email address is harvested from the address book or the received emails of someone that has their email account compromised because of a weak password (or, in this case, from any other website that publishes it). Cheers, Dan
Guillaume MULLER writes: > Hi all, > > I recently sent an email on this mailing list (see > https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ > ) > > Since then, I'm receiving spams on the email address I used to send > the message. > > After some research, it seems that this email address only appears on > 2 websites, notably this orgmode.org mailing list archive. Your email address can also be harvested from the lists.gnu.org archives. Inspect the output of $ curl -fSsL https://lists.gnu.org/archive/html/emacs-orgmode/2020-07/msg00125.html $ curl -fSsL https://lists.gnu.org/archive/mbox/emacs-orgmode/2020-07 > Would it be possible to configure the archive to obfuscate / hide the > email addresses inorder to protect its users? <https://orgmode.org/list> and its upstream source <https://yhetil.org/orgmode> are public-inbox (<https://public-inbox.org/>) archives. There's an option (disabled by default) to configure address obfuscation. However, in my view email obfuscation is giving you a false sense of security. Ignoring other ways spammers get your address, you're posting to a public space, and your address can be harvested (and, as shown above, not just from these public-inbox archives). And this isn't something specific to Org mode's archives. Just as some examples, take a look at <https://lore.kernel.org/git/>, <https://issues.guix.gnu.org/>, <https://lists.sr.ht/~sircmpwn/sr.ht-discuss/>, or <https://lists.gnu.org/archive/html/emacs-devel/2021-04/msg00285.html>. Anyway, that being said and despite my opinion on this, I'm considering turning on obfuscation at <https://orgmode.org/list> and <https://yhetil.org/orgmode>. There's at least one issue that'd need to be fixed before doing so though: <https://public-inbox.org/meta/87a6q8p5qa.fsf@kyleam.com/>.
Kyle Meyer <kyle@kyleam.com> writes:
> Guillaume MULLER writes:
>
>> Hi all,
>>
>> I recently sent an email on this mailing list (see
>> https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/
>> )
>>
>> Since then, I'm receiving spams on the email address I used to send
>> the message.
>>
>> After some research, it seems that this email address only appears on
>> 2 websites, notably this orgmode.org mailing list archive.
>
> Your email address can also be harvested from the lists.gnu.org
> archives. Inspect the output of
>
> $ curl -fSsL https://lists.gnu.org/archive/html/emacs-orgmode/2020-07/msg00125.html
> $ curl -fSsL https://lists.gnu.org/archive/mbox/emacs-orgmode/2020-07
>
>> Would it be possible to configure the archive to obfuscate / hide the
>> email addresses inorder to protect its users?
>
> <https://orgmode.org/list> and its upstream source
> <https://yhetil.org/orgmode> are public-inbox
> (<https://public-inbox.org/>) archives. There's an option (disabled by
> default) to configure address obfuscation. However, in my view email
> obfuscation is giving you a false sense of security. Ignoring other
> ways spammers get your address, you're posting to a public space, and
> your address can be harvested (and, as shown above, not just from these
> public-inbox archives).
>
> And this isn't something specific to Org mode's archives. Just as some
> examples, take a look at <https://lore.kernel.org/git/>,
> <https://issues.guix.gnu.org/>,
> <https://lists.sr.ht/~sircmpwn/sr.ht-discuss/>, or
> <https://lists.gnu.org/archive/html/emacs-devel/2021-04/msg00285.html>.
>
> Anyway, that being said and despite my opinion on this, I'm considering
> turning on obfuscation at <https://orgmode.org/list> and
> <https://yhetil.org/orgmode>. There's at least one issue that'd need to
> be fixed before doing so though:
> <https://public-inbox.org/meta/87a6q8p5qa.fsf@kyleam.com/>.
I totally agree. I have no issue if 'hiding' email addresses can be done
and has no other unfortunate side effects, but I don't believe it
actually achieves much, so don't care if the default is not changed.
I think you have to accept that the email address you use in public mail
lists is going to be harvested and as others have mentioned, a lot of
email harvesting occurs when someone who has your address in their
address book has their system compromised.
The only sane action is good spam filtering. While I know a lot of
people complain about the Google gmail spam filtering, for me it is
remarkably accurate. It is unusual for me to see even a couple of spam
messages in my inbox every few months. My spam/junk box usually gets
around 10-15 messages a day and occasional messages flagged as spam
which are not (usually because the sender's mail server isn't doing SPF
or any of the other spam prevention headers correctly). Takes me about 1
minute to scan and 'delete forever' each day, so no big problem.
--
Tim Cross
* Guillaume MULLER <guillaume.muller@univ-st-etienne.fr> [2021-04-08 11:30]: > Hi all, > > I recently sent an email on this mailing list (see https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9845@univ-st-etienne.fr/ ) > > Since then, I'm receiving spams on the email address I used to send the message. > > After some research, it seems that this email address only appears on 2 websites, notably this orgmode.org mailing list archive. > > Would it be possible to configure the archive to obfuscate / hide > the email addresses inorder to protect its users? While your assumption is that you are getting spam because your email is published on those websites, this does not say it is true cause of you getting spam. It is enough that you give your email address to anybody, like a friend or associate, and you can start getting spam. Mailing list archives do not obfuscate email addresses, and in automated data harvesting that is easily solved. Please note, it is more important for people to communicate and be able to reach each other than taking care of individual spam problems. My side spam is mostly being solved automatically, server side, by using Spamhouse. You may advise to your email service provider to use that feature or some other feature. Spam problem is not a remote problem, not something on outside parties to solve, it is to be solved on your side. You may train your email client to recognize spam. Email is not and never was perfect. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://rms-support-letter.github.io/
* Tim Cross <theophilusx@gmail.com> [2021-04-09 10:06]: > The only sane action is good spam filtering. While I know a lot of > people complain about the Google gmail spam filtering, for me it is > remarkably accurate. Maybe, but then you may also receive email mostly form public providers. My experience from stories of recipients tells me Google is not accurate, many genuine emails are missed. Nobody should use Google for emails. Why trust some 100,000 staff members with personal information? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://rms-support-letter.github.io/
Jean Louis <bugs@gnu.support> writes:
> Nobody should use Google for emails. Why trust some 100,000 staff
> members with personal information?
Please do not tell me what I should or shold not do. I am an adult
and am perfectly capable of making up my own mind thank you.
--
Tim Cross
Sorry Tim. While that is my opinion, it is not meant to be taken personally, I am corresponding with many people with Google account, that is really nothing personal. My opinion is for safety of users and awareness, though. Would you stubmle upon similar opinions on websites, it would not be taken that way. I did not mean to. Examples of privacy nightmare: https://medium.com/digitalprivacywise/why-you-should-stop-using-google-chrome-6c934c9a827c Example of surveillannce: https://en.wikipedia.org/wiki/PRISM_(surveillance_program) -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://rms-support-letter.github.io/
Jean Louis <bugs@gnu.support> writes: > Sorry Tim. While that is my opinion, it is not meant to be taken > personally, I am corresponding with many people with Google account, > that is really nothing personal. > Your statement was personal and if that was not your intent, then think before you post and ensure what you write is what you mean. > My opinion is for safety of users and awareness, though. Would you > stubmle upon similar opinions on websites, it would not be taken that > way. I did not mean to. > Completely irrelevant. I did not join the org list to be lectured by you on privacy or your Google paranoia. I'm sure you can find a more appropriate outlet for such opinions. > Examples of privacy nightmare: > https://medium.com/digitalprivacywise/why-you-should-stop-using-google-chrome-6c934c9a827c > > Example of surveillannce: > https://en.wikipedia.org/wiki/PRISM_(surveillance_program) I'm not at all interested in your opinion on Google. This is an org mail list. If it does not relate to org or the list, I don't think it belongs here. -- Tim Cross