Great Circle Associates List-Managers
(May 2003)
 


Subject: Re: So I got this 411 spam this morning...
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Date: Thu, 1 May 2003 09:23:09 -0700
To: Charlie Summers <charlie @ lofcom . com>
Cc: list-managers @ greatcircle . com
In-reply-to: <v03130350bad6eff8a830@[192.168.123.10]>


On Thursday, May 1, 2003, at 08:53  AM, Charlie Summers wrote:

>    I agree with your assessment, but even if the GreatCircle archives were
> "locked-down," there are the unofficial web-based archives we've discussed
> here in the past to deal with.

which is why my sites have outlawed unofficial archives for a while (or 
more correctly, archives without our permission), and actively police 
for and have them shut down. We allow non-local archives if they're 
private, or if they agree to follow our standards, and the key standard 
is "no disclosing email addresses". It's one reason why we've refused 
to allow gmane to archive our stuff, although we're going to revisit 
that, I think, since I've been told their policy has changed.

And it's why I don't allow mail-archive to archive lists, too. It's a 
good reason why sites ought to manage their own archives, so they can 
control how they're run AND modify those policies when life changes.

>    The problem is MUCH more wide-spread than just official archives.

it's huge. And it's a great example of a good thing going sour because 
of changes in technologies.

> Still, any subscriber who wants to "help" can easily set up
> their own archives, which once cached by Google live forever.

why my formal list rules cover this. It allows me to go in and "fix" 
these problems. The one site that refused to cooperate so far (in 
Germany) simply got their butts banned, and gets re-banned every time 
they try to sneak back in via some new domain address or hotmail 
forwarder, too.

>    (*sigh*) It's a much bigger problem than you suggest.
>

The answer, though, is fairly simple (conceptually):

All mail-list archives behind a security realm, because the spambots 
don't honor robots.txt. That also blocks the global search engine.

No web page with an email address accessible to the global search 
engines. My solution is to cloak addresses (but it's not finished yet. 
sigh).

The list rules/AUP/User agreement restricts public third party archives 
without permission. Don't give permission unless they meet your 
standards.

Track down and shut down all archives that do this. If that means 
pulling your stuff from mail-archive.com, tough. Or lobby them to fix 
their site. Or something.

I'm seriously considering building special feeds just for third party 
archives that come pre-cloaked, so that I know their data is to my 
standard, and they don't have to worry about me changing standards and 
forcing them to update. If they subscribe to that feed, they'd know any 
problems are my fault.

I'm ALSO starting to think maybe it's time for mail lists to consider 
(at least as an option) acting as a mail forwarder for replies to list 
postings, which would allow us to add challenge/response systems and 
blacklists to those replies.

All role accounts need to be fronted by challenge/response, because 
either you can't NOT put them on a public web page, or it doesn't 
matter, because they get dictionary attacked anyway.

I started password protecting archives back around 1998 because of the 
spambot worry. Sorry to see I was so right. I've been trying to come up 
with a BETTER approach since, since I don't like cloistering the data 
-- or publicizing the subscriber list. I think my new approach, if I 
ever finish it (grump, sigh, mumble) is that compromise, for me.

But to me, any place that publicizes unprotected email addresses is 
hurting its users, and itself. Because as people understand how 
spammers are getting their addresses, they're going to stop 
contributing to the lists (or simply leave). It's no longer acceptable, 
the way we finally had to make the transition from "anyone can post" to 
"only subscribers can" (and that was a big fight in some quarters, but 
now, nobody really seems to question it).

This is the next big change, or mail lists risk turning into the same 
quagmire Usenet turned into...
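
The address cloaking and "pre-cloaked" third-party feed ideas in the message above, as an added Python example that is not part of the original post or the author's own code. The placeholder text, the list of headers, and the sample message are assumptions; bodies are assumed to be unencoded text.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: this simple pattern is adequate for a feed filter.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To", "Sender")
HIDDEN = "[address hidden]"  # hypothetical placeholder text

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
From: Alice Example <alice@lists.example>
To: Bob Example <bob@lists.example>
Cc: list-managers@lists.example
Message-ID: <abc123@mail.lists.example>
In-Reply-To: <zzz999@mail.lists.example>
Subject: Re: archive policy

On Thursday, bob@lists.example wrote:
> please reply to carol@other.example
Agreed.
"""

def cloak_header(value):
    """Keep display names, drop the addresses themselves."""
    parts = []
    for name, _addr in getaddresses([value]):
        parts.append(f"{name} <{HIDDEN}>" if name else f"<{HIDDEN}>")
    return ", ".join(parts)

def cloak_message(raw):
    """Return a parsed copy of a raw message that is safe for a public feed."""
    msg = message_from_string(raw)
    for header in ADDRESS_HEADERS:
        values = msg.get_all(header)
        if values:
            del msg[header]
            for value in values:
                msg[header] = cloak_header(value)
    # Message-ID, In-Reply-To and References also contain "@", but they are
    # left untouched so the receiving archive can still thread the messages.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            part.set_payload(ADDR_RE.sub(HIDDEN, part.get_payload()))
    return msg
```

`cloak_message(SAMPLE).as_string()` gives the text a third-party archive would receive; base64 or quoted-printable bodies would need decoding before the body pass.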





