Educause Security Discussion mailing list archives
Re: Address harvesting of EDUCAUSE?
From: Scott Fendley <scottf () UARK EDU>
Date: Mon, 28 Feb 2005 11:41:22 -0600
Yes that would be a good idea. But not hugely necessary. There is a new version of listserv that came out last year that will mask the addresses for non-subscribed/non-logged in users. If you are a subscriber, and you log into the interface then you can see all the addresses (from or in the body of the emails). If you don't log into the list server, then you get a masked email address that is not useful to anyone to try to harvest. So personally, I think the best course of action is to upgrade to the new version of listserv and it will correct the harvesting problem with this listserv mailing list server. For those that subscribe to the list and then harvest, there is not a lot to stop them from doing it through the list archives, or creating a list from emails like this one sent to the entire list. Scott Fendley On Mon, 28 Feb 2005, Kevin Shalla wrote:
Would it be a good idea to require a login (and you're required to subscribe to get a login) to search the archives? At 01:28 PM 2/26/2005, Steve Bernard wrote:Matthew Dalton wrote:I would be curious to know if anyone that has not posted to the list before has received spam. Through a very simple script in UNIX, I was able to get 84 addresses from the mailing list archive. It seems that the spammer wouldn't necessarily need to be a member of the list. They only need a web browser. By the way, I ran the script from my home machine, just to be sure that it was accessible from outside of .edu sites. Perhaps at the least these archives should be restricted to only members. lynx -dump 'http://listserv.educause.edu/cgi-bin/wa.exe?A1=ind0502&L=security' | grep 'From:' | awk '{print $NF}' | sort -uGood example. Email address harvesting from public listservs, forums, and websites has been going on for a long time. It seems that this list hasn't been targeted before. At least not noticeably. It's a good way to find live email addresses for directed marketing and other less honorable purposes. Given the audience I'm a bit surprised that so many seem to be experiencing this phenomena for the first time.********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Address harvesting of EDUCAUSE?, (continued)
- Re: Address harvesting of EDUCAUSE? Dewitt Latimer (Feb 25)
- Re: Address harvesting of EDUCAUSE? Matthew Dalton (Feb 25)
- Re: Address harvesting of EDUCAUSE? Eric Pancer (Feb 25)
- Re: Address harvesting of EDUCAUSE? James Riden (Feb 25)
- Re: Address harvesting of EDUCAUSE? Peter Moody (Feb 25)
- Re: Address harvesting of EDUCAUSE? Mark Poepping (Feb 25)
- Re: Address harvesting of EDUCAUSE? Kay Sommers (Feb 25)
- Re: Address harvesting of EDUCAUSE? Stephen Bernard (Feb 26)
- Re: Address harvesting of EDUCAUSE? Kevin Shalla (Feb 28)
- Re: Address harvesting of EDUCAUSE? John Kristoff (Feb 28)
- Re: Address harvesting of EDUCAUSE? Scott Fendley (Feb 28)
- Re: Address harvesting of EDUCAUSE? Jeni Li (Feb 28)