forrest-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Crossley <cross...@indexgeo.com.au>
Subject obfuscate email addresses (Was: cvs commit: xml-forrest status.xml)
Date Thu, 18 Sep 2003 04:20:11 GMT
Antonio Gallardo wrote:
> >   +        due-to="Eric Burghard" due-to-email="eburghar.AT.free.fr" >
>
> I has concern about using email of people here. Many spammers are
> searching with robots the websites to hunt emails of people. I really
> heates the SPAM - in both presentations ;).
> 
> I suggest to change the address or better not post emails of people at all.
> 
> comments?

Cheche opened an issue to address this: FOR-67. Thanks Antonio
for raising this important topic.

I too strongly support obfuscation of all email addresses. The Forrest
generated "changes" page provides a gold-mine for spammers to harvest.

I would rather that we did not use mailto links at all there. Perhaps
just show the email address as plain text and scrambled, but preferably
drop it altogether.

The cvs commit log emails also cause a problem, because they show the
"due-to-email" attribute as Antonio has shown above. So they can be
harvested from the various email archives, e.g. MARC.

Similarly the whole status.xml file can be extracted via the ViewCVS
URLs and processed by spambots.

I propose that we just completely drop the "due-to-email" attribute
from our "status.xml" and obfuscate any other email address.

Another related issue is when people reply to the cvs commit log emails.
Some people forget to clean up the reply to remove email addresses and
other cruft.

--David


Mime
View raw message