Thread overview
[dmd-beta] Fw: lucky winner
Aug 16, 2012
Nick Sabalausky
Aug 16, 2012
Walter Bright
Aug 16, 2012
Leandro Lucarella
Aug 16, 2012
Nick Sabalausky
Aug 16, 2012
Jonathan M Davis
Aug 16, 2012
Leandro Lucarella
Aug 16, 2012
Leandro Lucarella
Aug 16, 2012
Nick Sabalausky
August 16, 2012
I'm starting to get a lot of bullshit like this on my "DMD
Beta-List-Only" email address, which means this mailing list is
an email harvesting ground. Which is not at all surprising considering
this mailing list is a...*mailing list*.

*Cough* *Ahem* On a NG, people who wish to can actually *omit* an email address entirely. *Cough*

I'm sure that "Hey! Put up an email address to get spam-harvested!" is a GREAT way to entice people to join the beta list and actually participate in the betas. It might even explain the torrent we've been seeing of people clamoring to test the betas.

(OTOH, what would I ever do without a convenient excuse to employ
sarcasm? ;) )


Begin forwarded message:

Date: Thu, 16 Aug 2012 13:48:00 +0530
From: "COCA'COLA"<mail@jamz.com>
Subject: lucky winner


COCA COLA ONLINE LOTTERY
PROMOTION/PRIZE AWARD DEPT
COCA COLA AVENUE STAMFORD
BRIDGE LONDON
SW1V 3DW
UNITED KINGDOM.

Dear Lottery Winner:

This is to inform you that your E-mail Address has WON you the sum of 1,000,000.00 GBP  (One Million Pound Sterling) from the Coca-Cola Online Promo 2012. The Draw No:1593. make a contact and collect your winning fund immediately, Fill the Information  below and Send for claim:

1. Full Name:
2. Full Address:
3. State:
4. Occupation:
5. Age:
6. Sex:
7. Nationality/Country:
8. Winning Email:
9. Valid Phone Mobile Number:

Your Online coordinator
Mr. Gore William
Coca-Cola Company Department,
E-mail:claims_prize2012@hotmail.co.uk
_______________________________________________
dmd-beta mailing list
dmd-beta@puremagic.com
http://lists.puremagic.com/mailman/listinfo/dmd-beta

August 16, 2012
On 8/16/2012 2:13 AM, Nick Sabalausky wrote:
> I'm starting to get a lot of bullshit like this on my "DMD
> Beta-List-Only" email address, which means this mailing list is
> an email harvesting ground. Which is not at all surprising considering
> this mailing list is a...*mailing list*.
>

Fortunately, thunderbird's spam filters do a reasonably good job for me. It's nowhere near the problem it used to be for that.

August 16, 2012
Walter Bright, on August 16 at 02:27 you wrote me:
> On 8/16/2012 2:13 AM, Nick Sabalausky wrote:
> >I'm starting to get a lot of bullshit like this on my "DMD
> >Beta-List-Only" email address, which means this mailing list is
> >an email harvesting ground. Which is not at all surprising considering
> >this mailing list is a...*mailing list*.
>
> Fortunately, thunderbird's spam filters do a reasonably good job for me. It's nowhere near the problem it used to be for that.

And you have to deal with spam anyway, unless you manage to completely
avoid using e-mail, which seems like science fiction now :P, so it's
a pretty bad argument against mailing lists (even though I do like NNTP
and use gmane to read several mailing lists through NNTP, I even
maintain a Debian/Ubuntu package for mutt with the NNTP patch[1], that's
how much I like NNTP! :P).

It's also a pretty bad argument to explain the lack of beta visibility. People are more familiar with e-mail and are more likely to subscribe to a mailing list rather than learn what the hell NNTP is. And other projects using mailing lists for betas (or nothing at all) get thousands of users testing betas because they announce betas in their web pages and regular announcement mailing lists. The lack of beta visibility is just because... well... they are hidden and not treated as a first class citizen.

[1] http://www.llucax.com.ar/proj/mutt-nntp-debian/

--
Leandro Lucarella (AKA luca)                     http://llucax.com.ar/
----------------------------------------------------------------------
GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145  104C 949E BFB6 5F5A 8D05)
----------------------------------------------------------------------
It is much more likely for the salami to be spring than for spring
to be salami.
	-- Peperino Pómoro
August 16, 2012
On Thu, 16 Aug 2012 12:50:34 +0200
Leandro Lucarella <luca@llucax.com.ar> wrote:

> Walter Bright, on August 16 at 02:27 you wrote me:
> > On 8/16/2012 2:13 AM, Nick Sabalausky wrote:
> > >I'm starting to get a lot of bullshit like this on my "DMD Beta-List-Only" email address, which means this mailing list is an email harvesting ground. Which is not at all surprising considering this mailing list is a...*mailing list*.
> >
> > Fortunately, thunderbird's spam filters do a reasonably good job for me. It's nowhere near the problem it used to be for that.
> 
> And you have to deal with spam anyway, unless you manage to completely avoid using e-mail,

That's just simply not true, period. And that's easily one of the biggest myths on the internet:

My primary address (which, yes, I do use, and more than
any other address) doesn't get *any* spam, and I've been using it for
years, *without* any spam filters on either the client or server side.
The beauty of that is that not only do I *not* get any false positives
for spam, it's not even *possible* to get false positives. Which is
*exactly* as it should be. (What's the point of a spam folder if you
have to go into it to get a legitimate message? None, it completely
defeats the whole point.)

The way I achieve this is by:

1. Only giving out my real address to real people, never machines, and only ever posting it with some "user [at] domain [dot] com" obfuscation (which is still generally avoided).

2. For machines: Such as mailing lists, website logins, businesses, etc., for these I create a special email address dedicated to that particular business, website, mailing list, etc., and don't use it for anything else. That way if I do get spam, I know exactly where the weakness is (DMD Beta's mailing list system, in this case), and can kill the email address and replace it with a new throwaway (if it's even worth it).

No spam, no heuristic bullshit, no false positives. So yes, it
*IS* possible, and not at all difficult. You'd be surprised just how
few leaks there really are to email harvesters. Most systems are
surprisingly resistant to leaking out addresses. Just not public
mailing lists.

August 16, 2012
On Thursday, August 16, 2012 13:09:56 Nick Sabalausky wrote:
> No spam, no heuristic bullshit, no false positives. So yes, it
> *IS* possible, and not at all difficult. You'd be surprised just how
> few leaks there really are to email harvesters. Most systems are
> surprisingly resistant to leaking out addresses. Just not public
> mailing lists.

In my experience, the primary source of spam is from mailing lists, with leaks via friends' accounts knowing my address being another. I don't generally get spam from addresses I use with stores. Most of my e-mail accounts have very little spam, and if I were getting enough spam, I'd seriously consider getting a new account. But even the spam from the mailing list is low enough that it's not all that big an issue (and I _never_ use spam filters without still looking at every e-mail to verify that it's spam - I just can't trust that it's going to be smart enough never to throw away something that I care about). But I probably should have obfuscated my e-mail address that I use for mailing lists the last time that I changed it (not much point now though).

However, as much as I agree that considering any level of spam as acceptable and normal is a bit off, I still much prefer dealing with a mailing list than a newsgroup, since then I actually have syncing of what I've read across computers via IMAP. But it _is_ a bit odd that the beta list isn't treated the same as the others with regards to what interfaces it provides.

- Jonathan M Davis

August 17, 2012
Nick Sabalausky, on August 16 at 13:09 you wrote me:
> The way I achieve this is by:
>
> 1. Only giving out my real address to real people, never machines, and only ever posting it with some "user [at] domain [dot] com" obfuscation (which is still generally avoided).
>
> 2. For machines: Such as mailing lists, website logins, businesses, etc., for these I create a special email address dedicated to that particular business, website, mailing list, etc., and don't use it for anything else. That way if I do get spam, I know exactly where the weakness is (DMD Beta's mailing list system, in this case), and can kill the email address and replace it with a new throwaway (if it's even worth it).
>
> No spam, no heuristic bullshit, no false positives. So yes, it *IS* possible, and not at all difficult.

Well, we have different concepts of what "difficult" is. For me that's
much more difficult than training my bogofilter for a couple of days and
rest in peace leaving my real address *anywhere* without even bothering
to obfuscate it in any way. See? luca@llucax.com.ar,
luca@llucax.com.ar. :P
If someone ever publishes your e-mail address in a website all your
life's hard work of keeping your real address clean goes to the trash in
a blink, and you can't just throw it away.

> You'd be surprised just how few leaks there really are to email harvesters. Most systems are surprisingly resistant to leaking out addresses. Just not public mailing lists.

That was not my experience, I even got spam in addresses I never give to ANYONE, not a single human being, and no machine. There are bots that are really trying popular usernames in domains they know they have a lot of users.


--
Leandro Lucarella (AKA luca)                     http://llucax.com.ar/
----------------------------------------------------------------------
GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145  104C 949E BFB6 5F5A 8D05)
----------------------------------------------------------------------
This homeless guy asked me for some money the other day.
And I was gonna give it to him but then I thought you're
just gonna use it on drugs or alcohol.
And then I thought, that's what I'm gonna use it on.
Why am I judging this poor bastard.

August 17, 2012
Jonathan M Davis, on August 16 at 13:29 you wrote me:
> On Thursday, August 16, 2012 13:09:56 Nick Sabalausky wrote:
> > No spam, no heuristic bullshit, no false positives. So yes, it
> > *IS* possible, and not at all difficult. You'd be surprised just how
> > few leaks there really are to email harvesters. Most systems are
> > surprisingly resistant to leaking out addresses. Just not public
> > mailing lists.
>
> In my experience, the primary source of spam is from mailing lists, with leaks via friends' accounts knowing my address being another. I don't generally get spam from addresses I use with stores. Most of my e-mail accounts have very little spam, and if I were getting enough spam, I'd seriously consider getting a new account. But even the spam from the mailing list is low enough that it's not all that big an issue (and I _never_ use spam filters without still looking at every e-mail to verify that it's spam - I just can't trust that it's going to be smart enough never to throw away something that I care about).

Well, I use bogofilter and it is not smart at all (it is Bayesian) but it is extremely effective. I used to check the spam folder, but at some point I stopped because it's been ages since the last false positive. But bogofilter has an intermediate status "unsure". I get about 25 spam e-mails per day and only about 1 goes to the unsure folder, and I would say only 1/4 of the unsure e-mail is not spam.

--
Leandro Lucarella (AKA luca)                     http://llucax.com.ar/
----------------------------------------------------------------------
GPG Key: 5F5A8D05 (F8CD F9A7 BF00 5431 4145  104C 949E BFB6 5F5A 8D05)
----------------------------------------------------------------------
May the wind and the rain be two brothers and run furiously along the
embankments of Víctor Heredia.
	-- Ricardo Vaporeso. Lanús, 1912.
August 16, 2012
On Fri, 17 Aug 2012 00:23:36 +0200
Leandro Lucarella <luca@llucax.com.ar> wrote:
> Well, we have different concepts of what "difficult" is. For me that's much more difficult than training my bogofilter for a couple of days and rest in peace leaving my real address *anywhere* without even bothering to obfuscate it in any way.

I have a very, very, VERY strong hatred for even ONE false positive *or* negative. So I find this well worth it, and vastly easier than the impossible task of finding or developing a perfect filter.

And the thing is, too, for all the enormous amount of effort that's
gone into developing inevitably error-prone filters, if even a fraction
of that effort had instead gone into improving usability and widespread
feasibility of the "multiple disposable addresses" approach, then this
approach would be *far* easier than it currently is and would be
perfectly feasible even for ordinary "free webmail" users. It's just
a dead-end approach vs an approach with real potential.

> 
> If someone ever publishes your e-mail address in a website all your life's hard work of keeping your real address clean goes to the trash in a blink, and you can't just throw it away.
> 

It happened once before, many years ago. All I do is make a new one and
inform everyone about it. Not a big deal. Even without my
anti-spam tactic, people's emails do tend to change periodically anyway.
And people don't seem to go posting each other's addresses much,
although admittedly that may depend on the people you're around.

> 
> That was not my experience, I even got spam in addresses I never give to ANYONE, not a single human being, and no machine. There are bots that are really trying popular usernames in domains they know they have a lot of users.
> 

Yea, I suspected that at one point and made a trivial-to-guess
username to test it, and was surprised I never got anything on it. But I
guess maybe they *only* guess usernames for major email domains (my
domain's anything but major).
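
The per-service throwaway addresses described earlier in the thread can be combined with an unguessable tag, so that the username-guessing bots mentioned above cannot hit a valid alias and any spam names the service that leaked. The following Python is an added example, not code from anyone in the thread; `SECRET`, `example.org`, the service name and the sample message are constructed assumptions.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import getaddresses

SECRET = b"constructed-demo-key"  # assumption: private key known only to the owner
DOMAIN = "example.org"            # assumption: a domain the owner controls

def make_alias(service):
    """Dedicated address for one service: <service>.<8 hex chars>@example.org."""
    service = service.lower()
    tag = hmac.new(SECRET, service.encode(), hashlib.sha256).hexdigest()[:8]
    return f"{service}.{tag}@{DOMAIN}"

def classify_recipient(addr, revoked):
    """Return (verdict, service); verdict is 'live', 'revoked' or 'forged'."""
    addr = addr.lower()
    local, _, domain = addr.partition("@")
    service, _, _tag = local.rpartition(".")
    if domain != DOMAIN or not service:
        return "forged", None
    # Recompute the alias; a guessed or mistyped tag will not match.
    if not hmac.compare_digest(make_alias(service).encode(), addr.encode()):
        return "forged", None
    return ("revoked" if service in revoked else "live"), service

def leak_source(raw_message, revoked):
    """Name the service whose alias a message was addressed to, if any."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    for _name, addr in getaddresses(headers):
        verdict, service = classify_recipient(addr, revoked)
        if service is not None:
            return verdict, service
    return "forged", None

def sample_message(to_addr):
    """Constructed spam sample reusing the subject line from the thread."""
    return (f"From: sender@spam.invalid\nTo: {to_addr}\n"
            "Subject: lucky winner\n\nconstructed body\n")

if __name__ == "__main__":
    alias = make_alias("dmdbeta")
    print(leak_source(sample_message(alias), set()))        # leaked by dmdbeta
    print(leak_source(sample_message(alias), {"dmdbeta"}))  # alias already killed
    print(leak_source(sample_message("admin@example.org"), set()))  # guessed name
```

A delivery hook would refuse `forged` and `revoked` recipients outright, while a `live` verdict on an unwanted message identifies which alias to kill and replace.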