| Thread overview | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
August 16, 2012 [dmd-beta] Fw: lucky winner | ||||
|---|---|---|---|---|
| ||||
 | I'm starting to get a lot of bullshit like this on my "DMD Beta-List-Only" email address, which means this mailing list is an email harvesting ground. Which is not at all surprising considering this mailing list is a...*mailing list*. *Cough* *Ahem* On a NG, people who wish to can actually *omit* an email address entirely. *Cough* I'm sure that "Hey! Put up an email address to get spam-harvested!" is a GREAT way to entice people to join the beta list and actually participate in the betas. It might even explain the torrent we've been seeing of people clamoring to test the betas. (OTOH, what would I ever do without a convenient excuse to employ sarcasm? ;) ) Begin forwarded message: Date: Thu, 16 Aug 2012 13:48:00 +0530 From: "COCA'COLA"<mail@jamz.com> Subject: lucky winner COCA COLA ONLINE LOTTERY PROMOTION/PRIZE AWARD DEPT COCA COLA AVENUE STAMFORD BRIDGE LONDON SW1V 3DW UNITED KINGDOM. Dear Lottery Winner: This is to inform you that your E-mail Address has WON you the sum of 1,000,000.00 GBP (One Million Pound Sterling) from the Coca-Cola Online Promo 2012. The Draw No:1593. make a contact and collect your winning fund immediately, Fill the Information below and Send for claim: 1. Full Name: 2. Full Address: 3. State: 4. Occupation: 5. Age: 6. Sex: 7. Nationality/Country: 8. Winning Email: 9. Valid Phone Mobile Number: Your Online coordinator Mr. Gore William Coca-Cola Company Department, E-mail:claims_prize2012@hotmail.co.uk _______________________________________________ dmd-beta mailing list dmd-beta@puremagic.com http://lists.puremagic.com/mailman/listinfo/dmd-beta | |||
Permalink
ReplyAugust 16, 2012 Re: [dmd-beta] Fw: lucky winner | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Nick Sabalausky | On 8/16/2012 2:13 AM, Nick Sabalausky wrote: > I'm starting to get a lot of bullshit like this on my "DMD > Beta-List-Only" email address, which means this mailing list is > an email harvesting ground. Which is not at all surprising considering > this mailing list is a...*mailing list*. > Fortunately, thunderbird's spam filters do a reasonably good job for me. It's nowhere near the problem it used to be for that. _______________________________________________ dmd-beta mailing list dmd-beta@puremagic.com http://lists.puremagic.com/mailman/listinfo/dmd-beta | |||
August 16, 2012 Re: [dmd-beta] Fw: lucky winner | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Walter Bright | Walter Bright, el 16 de August a las 02:27 me escribiste: > On 8/16/2012 2:13 AM, Nick Sabalausky wrote: > >I'm starting to get a lot of bullshit like this on my "DMD > >Beta-List-Only" email address, which means this mailing list is > >an email harvesting ground. Which is not at all surprising considering > >this mailing list is a...*mailing list*. > > Fortunately, thunderbird's spam filters do a reasonably good job for me. It's nowhere near the problem it used to be for that. And you have to deal with spam anyway, unless you manage to completely avoid using e-mail, which seems like science fiction now :P, so is a pretty bad argument against mailing lists (even when I do like NTTP and use gmane to read several mailing lists through NNTP, I even maintain a Debian/Ubuntu package for mutt with the NNTP patch[1], that's how I like NNTP! :P). Is also a pretty bad argument to explain the lack of beta visibility. People are more familiar with e-mail and are more likely to subscribe to a mailing list rather than learn what the hell NNTP is. And other projects using mailing lists for betas (or nothing at all) get thousands of user testing betas because they announce betas in their web pages and regular announcement mailing lists. The lack of beta visibility is just because... well... they are hidden and not treated as a first class citizen. [1] http://www.llucax.com.ar/proj/mutt-nntp-debian/ -- Leandro Lucarella (AKA luca) http://llucax.com.ar/ ---------------------------------------------------------------------- GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145 104C 949E BFB6 5F5A 8D05) ---------------------------------------------------------------------- Es mucho mas probable que el salchichón sea primavera a que la primavera sea salchichón. -- Peperino Pómoro _______________________________________________ dmd-beta mailing list dmd-beta@puremagic.com http://lists.puremagic.com/mailman/listinfo/dmd-beta | |||
August 16, 2012 Re: [dmd-beta] Fw: lucky winner | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Leandro Lucarella | On Thu, 16 Aug 2012 12:50:34 +0200 Leandro Lucarella <luca@llucax.com.ar> wrote: > Walter Bright, el 16 de August a las 02:27 me escribiste: > > On 8/16/2012 2:13 AM, Nick Sabalausky wrote: > > >I'm starting to get a lot of bullshit like this on my "DMD Beta-List-Only" email address, which means this mailing list is an email harvesting ground. Which is not at all surprising considering this mailing list is a...*mailing list*. > > > > Fortunately, thunderbird's spam filters do a reasonably good job for me. It's nowhere near the problem it used to be for that. > > And you have to deal with spam anyway, unless you manage to completely avoid using e-mail, That's just simply not true, period. And that's easily one of the biggest myths on the internet: My primary address (which, yes, I do use, and more than any other address) doesn't get *any* spam, and I've been using it for years, *without* any spam filters on either the client or server side. The beauty of that is that not only do I *not* get any false positives for spam, it's not even *possible* to get false positives. Which is *exactly* as it should be. (What's the point of a spam folder if you have to go into it to get a legitimate message? None, it completely defeats the whole point.) The way I achieve this is by: 1. Only giving out my real address to real people, never machines, and only ever posting it with some "user [at] domain [dot] com" obfuscation (which is still generally avoided). 2. For machines: Such as mailing lists, website logins, businesses, etc., for these I create a special email address dedicated to that particular business, website, mailing list, etc., and don't use it for anything else. That way if I do get spam, I know exactly where the weakness is (DMD Beta's mailing list system, in this case), and can kill the email address and replace it with a new throwaway (if it's even worth it). No spam, no heuristic bullshit, no false positives. So yes, it *IS* possible, and not at all difficult. You'd be surprised just how few leaks there really are to email harvesters. Most systems are surprisingly resistent to leaking out addresses. Just not public mailing lists. _______________________________________________ dmd-beta mailing list dmd-beta@puremagic.com http://lists.puremagic.com/mailman/listinfo/dmd-beta | |||
August 16, 2012 Re: [dmd-beta] Fw: lucky winner | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Nick Sabalausky | On Thursday, August 16, 2012 13:09:56 Nick Sabalausky wrote: > No spam, no heuristic bullshit, no false positives. So yes, it > *IS* possible, and not at all difficult. You'd be surprised just how > few leaks there really are to email harvesters. Most systems are > surprisingly resistent to leaking out addresses. Just not public > mailing lists. In my experience, the primary source of spam is from mailing lists with leaks via friends accounts knowing my address being another. I don't generally get spam from addresses I use with stores. Most of my e-mail accounts have very little spam, and if I were getting enough spam, I'd seriously consider getting a new account. But even the spam from the mailing list is low enough that it's not all that big an issue (and I _never_ use spam filters without still looking at every e-mail to verify that it's spam - I just can't trust that it's going to be smart enough never to throw away something that I care about). But I probably should have obfuscated my e-mail address that I use for mailing lists the last time that I changed it (not much point now though). However, as much as I agree that considering any level of spam as acceptable and normal is a bit off, I still much prefer dealing with a mailing list than a newsgroup, since then I actually have syncing of what I've read across computers via IMAP. But it _is_ a bit odd that the beta list isn't treated the same as the others with regards to what interfaces it provides. - Jonathan M Davis _______________________________________________ dmd-beta mailing list dmd-beta@puremagic.com http://lists.puremagic.com/mailman/listinfo/dmd-beta | |||
August 17, 2012 Re: [dmd-beta] Fw: lucky winner | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Nick Sabalausky | Nick Sabalausky, el 16 de August a las 13:09 me escribiste: > The way I achieve this is by: > > 1. Only giving out my real address to real people, never machines, and only ever posting it with some "user [at] domain [dot] com" obfuscation (which is still generally avoided). > > 2. For machines: Such as mailing lists, website logins, businesses, etc., for these I create a special email address dedicated to that particular business, website, mailing list, etc., and don't use it for anything else. That way if I do get spam, I know exactly where the weakness is (DMD Beta's mailing list system, in this case), and can kill the email address and replace it with a new throwaway (if it's even worth it). > > No spam, no heuristic bullshit, no false positives. So yes, it *IS* possible, and not at all difficult. Well, we have different concepts of what "difficult" is. For me that's much more difficult than training my bogofilter for a couple of days and rest in peace leaving my real address *anywhere* without even bothering to obfuscate it in any way. See? luca@llucax.com.ar, luca@llucax.com.ar. :P If someone ever publishes your e-mail address in a website all your life's hard work of keeping your real address clean goes to the trash in a blink, and you can't just throw it away. > You'd be surprised just how few leaks there really are to email harvesters. Most systems are surprisingly resistent to leaking out addresses. Just not public mailing lists. That was not my experience, I even got spam in addresses I never give to ANYONE, not a single human being, and no machine. There are bots that are really trying popular usernames in domains they know they have a lot of users. -- Leandro Lucarella (AKA luca) http://llucax.com.ar/ ---------------------------------------------------------------------- GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145 104C 949E BFB6 5F5A 8D05) ---------------------------------------------------------------------- This homeless guy asked me for some money the other day. And I was gonna give it to him but then I thought you're just gonna use it on drugs or alcohol. And then I thought, that's what I'm gonna use it on. Why am I judging this poor bastard. _______________________________________________ dmd-beta mailing list dmd-beta@puremagic.com http://lists.puremagic.com/mailman/listinfo/dmd-beta | |||
August 17, 2012 Re: [dmd-beta] Fw: lucky winner | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Jonathan M Davis | Jonathan M Davis, el 16 de August a las 13:29 me escribiste: > On Thursday, August 16, 2012 13:09:56 Nick Sabalausky wrote: > > No spam, no heuristic bullshit, no false positives. So yes, it > > *IS* possible, and not at all difficult. You'd be surprised just how > > few leaks there really are to email harvesters. Most systems are > > surprisingly resistent to leaking out addresses. Just not public > > mailing lists. > > In my experience, the primary source of spam is from mailing lists with leaks via friends accounts knowing my address being another. I don't generally get spam from addresses I use with stores. Most of my e-mail accounts have very little spam, and if I were getting enough spam, I'd seriously consider getting a new account. But even the spam from the mailing list is low enough that it's not all that big an issue (and I _never_ use spam filters without still looking at every e-mail to verify that it's spam - I just can't trust that it's going to be smart enough never to throw away something that I care about). Well, I use bogofilter and is not smart at all (is bayesian) but is extremely effective. I used to check the spam folder, but at some point I stopped because there's been ages since the last false positive. But bogofilter have an intermediate status "unsure". I get about 25 spam e-mails per day and only about 1 goes to the unsure folder, and I would say only 1/4 of the unsure e-mail is not spam. -- Leandro Lucarella (AKA luca) http://llucax.com.ar/ ---------------------------------------------------------------------- GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145 104C 949E BFB6 5F5A 8D05) ---------------------------------------------------------------------- Que el viento y la lluvia sean dos hermanos y corran furiosos por los terraplenes de Víctor Heredia. -- Ricardo Vaporeso. Lanús, 1912. _______________________________________________ dmd-beta mailing list dmd-beta@puremagic.com http://lists.puremagic.com/mailman/listinfo/dmd-beta | |||
August 16, 2012 Re: [dmd-beta] Fw: lucky winner | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Leandro Lucarella | On Fri, 17 Aug 2012 00:23:36 +0200 Leandro Lucarella <luca@llucax.com.ar> wrote: > Well, we have different concepts of what "difficult" is. For me that's much more difficult than training my bogofilter for a couple of days and rest in peace leaving my real address *anywhere* without even bothering to obfuscate it in any way. I have a very, very, VERY strong hatred for even ONE false positive *or* negative. So I find this well worth it, and vastly easier than the impossible task of finding or developing a perfect filter. And the thing is, too, for all the enormous amount of effort that's gone into developing inevitably error-prone filters, if even a fraction of that effort had instead gone into improving usability and widespread feasibility of the "multiple disposable addresses" approach, than this approach would be *far* easier than it currently is and would be perfectly feasible even for ordinary "free webmail" users. It's just a dead-end approach vs an approach with real potential. > > If someone ever publishes your e-mail address in a website all your life's hard work of keeping your real address clean goes to the trash in a blink, and you can't just throw it away. > It happened once before, many years ago. All I do make a new one and inform everyone about it. Not a big deal. Even without my anti-spam tactic, people's emails do tend to change periodically anyway. And people don't seem to go posting each other's addresses much, although admittedly that may depend on the people you're around. > > That was not my experience, I even got spam in addresses I never give to ANYONE, not a single human being, and no machine. There are bots that are really trying popular usernames in domains they know they have a lot of users. > Yea, I suspected that at one point and made a trivial-to-guess username to test it, and was surprised I never got anything on it. But I guess maybe they *only* guess usernames for major email domains (my domain's anything but major). _______________________________________________ dmd-beta mailing list dmd-beta@puremagic.com http://lists.puremagic.com/mailman/listinfo/dmd-beta | |||
Copyright © 1999-2021 by the D Language Foundation