Date: Thu, 25 Apr 2002 22:04:45 -0400 (EDT) From: "Keith F. Lynch" <kfl at keithlynch.net> To: WSFAlist at keithlynch.net Subject: [WSFA] Re: On Google and WSFA policy Cc: jekindell at aol.com, macbuccfo at msn.com, erjablow at cais.com, mike.nelson at seahunt.org Reply-To: WSFA members <WSFAlist at keithlynch.net> Steve Smith <sgs at aginc.net> wrote: > Keith, I think the reason that you receive so much spam is that you > are an active spam fighter. That's part of it. I have thousands of web pages, many of which contain my email address. I have posted thousands of messages on hundreds of newsgroups and mailing lists for over more than twenty years. A great many email addresses will get email to me. I made the mistake of registering on hundreds of spammer remove lists, including over a dozen "global" or "universal" remove lists. (Not because I thought they would work, but so as to be able to say I had done so if criticized by spam defenders who might claim I have no cause for complaint since I never asked the spam to stop.) Those lists are used as sources of addresses to spam. For many years, I refused to filter. I still refuse to "munge," disguise, or hide my email address in my many newsgroup postings. > You receive an order of magnitude more spam than anybody else I know. These numbers vary enormously. I am nowhere near the top. A few months ago, T. William Wells (a fan living in New Jersey) told me he was receiving over 100,000 spams per day. (His filters stop all but a few hundred of them.) I've heard of people getting over a million. > (Interesting psychology there -- "punish" somebody by giving them > more of what you're trying to sell.) Spammers know that their fraudulent crap is unwelcome by almost all of its recipients. But since it's sent at the expense of others, they can profit if just one person in ten million is stupid enough to give them a credit card number. Especially since they promptly max out the credit card. And then use it to adopt the sucker's identity for their next round of spamming. > Personally, I think that trying to "spamproof" ourselves is a waste > of time. That said, I agree with keeping all but "public contact" > e-mail addresses off of the public part of the WSFA website. Done, except for email addresses that appeared in the WSFA Journal. Perhaps those should be blanked out, as street addresses already are. Only my email address and the email addresses of officers should appear on the main site. Capclave staff contact email addresses appear on the Capclave page. http://www.wsfa.org/members.htm used to contain many members' email addresses (with their permission), but in October 2000, after all those addresses were spammed, I moved it to a page there are no links to. The old page contains The list of WSFA members (and others) who wished to be listed, along with their e-mail addresses and web pages, has been moved to http://www.wsfa.org/X.htm Replace the X with the name of the large convention held in Baltimore in August/September of 1998. This should block spammers without seriously inconveniencing fans. Colleen also maintains an unrelated list of member's email addresses and street addresses. Her list has never been on our web site. Or on any other web site that I know of. (One reason to do a Google search on various members' names is to make sure of this.) > Easiest way to do this is to simply not put a link to the mailing > list archives on the main site. And indeed there are no such links, and never have been. Only WSFA members have been informed of the location of the archives (http://www.wsfa.org/list/). I also do a Google search for the archives at least once a week. If I ever find them, I'll know the URL leaked out somehow, and I will move the archives to a different URL. Removing the archive would be an annoyance to those WSFAns who prefer to read the messages on the web rather than via email. And to those who temporarily unsubscribe and want to catch up after returning from a trip. It's also a good resource for new subscribers to the list, and for new WSFA members. It's also a good way for members to point at a past message if they wish to discuss it, or reply to it, or direct attention to it. And, of course, removing the archive would not preclude any number of WSFAns from keeping their own archive. Everyone should assume that anything they post - in ANY forum -- will be around until the end of time. As I mentioned before, a CD-ROM my brother bought thousands of miles from here nine years ago turned out to contain messages I had posted more than ten years earlier. As a second line of defense against spammers harvesting the archives, should they somehow find them, the archives contain not a single at sign. All such symbols have been replaced with the word "at". As such, they're still human readable, since context should make it perfectly clear whether you're looking at an email address or a sentence in English. But completely immune to automatic harvesting, which is the only kind spammers use, since lists of email addresses can be bought for 1000 per penny, making manual harvesting totally uneconomical. > I would also suggest a banner that says "PLEASE DO NOT LINK TO > THIS PAGE". Good idea. I have done so. > Google plays by the rules and won't archive things you don't want > archived; the spammers don't. Right. If there is anyone who objects to Google searches on their name, we can all promise not to do so. But of course such promises are most likely to be broken by precisely those whom one would most want to keep them. Neither I, nor any WSFAn, nor even any Google employee can guarantee that anyone is keeping such a promise. What we CAN do is remove all mentions of that person's name from our web site, and ask all WSFAns to do the same with their web sites. This will prevent Google (or other) searches from finding those mentions. That's really all we can do. A third line of defense, not just against spammers but against all sorts of malice, is the blocking of HTML and attachments send to the list. HTML email can contain "web bugs" which record when you read the mail, and (to a limited extent) can track what web sites you've visited. Both attachments and pure HTML can carry viruses, which not only can trash your private files on your PC, but can broadcast them on the net. If I wasn't sure that I could set up the list to make such attacks impossible using it, I never would have set it up. If it's true that YahooGroups lists allow HTML email, I would recommend against anyone concerned about privacy or security from using them. Even if they don't allow HTML email, to sign up with Yahoo you're required to answer various nosy questions. One of the questions is whether they can sell your address to spammers. It's pre-checked "yes". As Mark Walsh reported here before (though I wrongly thought it was an April Fool's joke) they've taken the liberty of changing everyone's "no" back to "yes"! (His message can be viewed at http://www.wsfa.org/list/02/4/01200844.htm). YahooGroups also keeps archives, and who gets to see them is anybody's guess. YahooGroups claims copyright on these archives, so anything you post to a YahooGroups list is now *their* intellectual property. -- Keith F. Lynch - kfl at keithlynch.net - http://keithlynch.net/ I always welcome replies to my e-mail, postings, and web pages, but unsolicited bulk e-mail (spam) is not acceptable. Please do not send me HTML, "rich text," or attachments, as all such email is discarded unread.