httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: mod_mbox
Date Tue, 11 Oct 2005 17:24:22 GMT

Justin Erenkrantz wrote:

>> 3. We should probably turn on the email-address-obfiscation feature.  I 
>> personally would prefer if everyone could just use proper spam 
>> filtering, but I think the general expectation nowadays is that we try 
>> to avoid displaying raw addresses.
> 
> I think this feature is lame (and said so when it was proposed).
> Spammers are just going to de-obfuscate anyway.  Enabling this provides
> a false layer of security that does no one any good.

As has been pointed out, this is a trade off.  You can get real 
protection at the cost of losing the ability to find real email 
addresses.  Or you can get protection that will work against 95% or more 
of current web-robots and worms with a simple but reversible 
obfiscation.  I favor the latter, but mod_mbox currently provides only 
the former.

Although I agree with Justin in principle, the fact is that we are one 
of a very small number of major archives that provide unobfiscated email 
addresses.  As such, we are a major draw for worms and address 
harvesters.  Is this really an area where we want to stand out?

Joshua.

Mime
View raw message