I’ve now implemented some simple obscuring of e-mail addresses. As Jason said, this won’t stop everything, but it will stop some of it.

I do think ISP-based spam filters should have the option of being disabled. on specific user requests. As you point out there are a few legitimate uses for letting the virsu droppings and other rubbish through. Some people want to do their own client side filtering, and need the spam to help generate Bayesian rules. Others want to research and possibly cure viruses, and they want to see what the viruses are sending. But this probably isn’t 0.1% of actual users. Spam, and virus messages in particular, really need to be stopped by default.

Posted by Elliotte Rusty Harold (elharo@metalab.unc.edu) on Wednesday, December 1st, 2004 at 10:20 AM

Use of spam filters

I’m not convinced about the comment:

> I am a big fan of spam filters including realtime black hole lists. If you’re not using them, you should be. If your ISP isn’t using them, you should find a new ISP.

I don’t want my ISP to be guessing what mail I do and don’t want. A couple of times I’ve had clients not receive mail from me because their ISP or enterprise firewall has blocked any message containing .exe files - in one case in a .zip. Also, twice in the last few months I’ve received spam which has helped track down an infected machine. (Ironically, the final steps of tracking down for the second case were actually done by the person whose machine was infected in the first).

People who understand e-mail, etc, can usefully look at the spam which is coming through in order to, sometimes, take useful action and to learn what is going on - at least in part in order to be able to give well grounded advice to the less knowledgable on the subject. Hiding the problem won’t make it go away - it’ll just cause the spammers to flood the network with more combinations of message contents in the hope that a few will get passed the filters.

I have my mail system set up to move all expected mail directly to appropriate folders. I just scan what’s left, pick out the few welcome messages, and get rid of the rest. In the 30 days to 2004-11-09 I received spam at the rate of just under 4.5 messages/hour. It takes a few minutes a day, at most, to scan and junk them - plus whatever time I spend on ones which catch my eye - e.g., obvious spam claiming to be from people known to me.

Right, that’s my spam action time budget for today taken up

Posted by edavies@nildram.co.uk on Wednesday, December 1st, 2004 at 9:05 AM

What does displaying email addresses to those without accounts gain us, exactly? I don’t expect unregistered users will regularly send legitimate email to my personal address.

Add an image-recognition bit to the registration setup, display email addresses only to registered users, and I’d be quite satisfied.

In addition, I found this comment to be a bit much:

I’m considering adding an “I don’t know how to use a spam filter” checkbox to allow people to obscure their e-mail addresses but I’d prefer not to have to.

I’m quite familiar with the care and feeding of a spam filter. I’m also quite aware that spam filters are imperfect, even the presumably fine one included with my gmail account. As a result, one of the ways I keep my email traffic manageable is to avoid getting on lists in the first place.

It is too bad that we have to take these precautions because of “a few hundred scum sucking leeches”. It’s too bad that it isn’t safe for me to walk in some parts of my town late at night because of a few dozen scum sucking leeches of a different variety. Still, I know my society, and I know how to operate within it.

What about encoding the email addresses with character entities and hexidecimal coding (e.g. href=”mailto:yu… etc” and href=”mailto:%6a%61%…”)? Not going to stop every spambot, but will stop some.