Kyle Meyer <k...@kyleam.com> writes:
> Guillaume MULLER writes: > >> Hi all, >> >> I recently sent an email on this mailing list (see >> https://orgmode.org/list/b1e778c5-acbf-8a17-c9bf-dcb6693e9...@univ-st-etienne.fr/ >> ) >> >> Since then, I'm receiving spams on the email address I used to send >> the message. >> >> After some research, it seems that this email address only appears on >> 2 websites, notably this orgmode.org mailing list archive. > > Your email address can also be harvested from the lists.gnu.org > archives. Inspect the output of > > $ curl -fSsL > https://lists.gnu.org/archive/html/emacs-orgmode/2020-07/msg00125.html > $ curl -fSsL https://lists.gnu.org/archive/mbox/emacs-orgmode/2020-07 > >> Would it be possible to configure the archive to obfuscate / hide the >> email addresses inorder to protect its users? > > <https://orgmode.org/list> and its upstream source > <https://yhetil.org/orgmode> are public-inbox > (<https://public-inbox.org/>) archives. There's an option (disabled by > default) to configure address obfuscation. However, in my view email > obfuscation is giving you a false sense of security. Ignoring other > ways spammers get your address, you're posting to a public space, and > your address can be harvested (and, as shown above, not just from these > public-inbox archives). > > And this isn't something specific to Org mode's archives. Just as some > examples, take a look at <https://lore.kernel.org/git/>, > <https://issues.guix.gnu.org/>, > <https://lists.sr.ht/~sircmpwn/sr.ht-discuss/>, or > <https://lists.gnu.org/archive/html/emacs-devel/2021-04/msg00285.html>. > > Anyway, that being said and despite my opinion on this, I'm considering > turning on obfuscation at <https://orgmode.org/list> and > <https://yhetil.org/orgmode>. There's at least one issue that'd need to > be fixed before doing so though: > <https://public-inbox.org/meta/87a6q8p5qa....@kyleam.com/>. I totally agree. I have no issue if 'hiding' email addresses can be done and has no other unfortunate side effects, but I don't believe it actually achieves much, so don't care if the default is not changed. I think you have to accept that the email address you use in public mail lists is going to be harvested and as others have mentioned, a lot of email harvesting occurs when someone who has your address in their address book has their system compromised. The only sane action is good spam filtering. While I know a lot of people complain about the Google gmail spam filtering, for me it is remarkably accurate. It is unusual for me to see even a couple of spam messages in my inbox every few months. My spam/junk box usually gets around 10-15 messages a day and occasional messages flagged as spam which are not (usually because the sender's mail server isn't doing SPF or any of the other spam prevention headers correctly). Takes me about 1 minute to scan and 'delete forever' each day, so no big problem. -- Tim Cross
