TMG-L Archives

Archiver > TMG > 2011-03 > 1301329241

From: Richard Damon <>
Subject: Re: [TMG] TMG list and AOL--still a problem?
Date: Mon, 28 Mar 2011 12:20:41 -0400
References: <><> <><> <>
In-Reply-To: <>

On 3/28/11 8:18 AM, bob gillis wrote:
> On 3/27/2011 9:58 AM, Rick Van Dusen wrote:
>> This is at best only partially true.
>> Both in the header of the email messages and on the archives Webpage
>> for this list, the email addresses are present. (Granted, this would
>> require the harvester's 'bot to possibly open each message, but the
>> information IS accessible to the general public.)
> Believe me. This has been discussed in other lists and forums before.
> You can read the email address in the message and you can read it it
> the archives. But a spam-bot cannot harvest the address from either. I
> have asked Joan Young a former RW volunteer and article writer fro RWR
> for a link.
> She did not have a link but here is her reply to me:
>> I don't recall where it was posted BUT I can tell you that ANY email
>> addresses in mailing list messages no matter where the addresses
>> appear in the message are protected in THREE ways. 1) they are
>> encrypted so that if you VIEW SOURCE code on the archives page you
>> see the encrypted address and not the actual address (which is how an
>> address harvester would see them). 2) there is a javascript encoding
>> routine in addition to the encryption and 3) Flybait is used ---
>> Flybait sends any potential address harvester a bunch of BAD email
>> addresses to discourage them from trying to come back again.
>> addition to all of this, RootsWeb MONITORS which spiders
>> are visiting the archives (and other pages on their site) and will
>> not allow any suspicious spiders to gather info from the site. They
>> allow Google and other reputable spiders but mostly block others.
> bob gillis
To be accurate, these measures are not absolute protection (but are
pretty good). To get by #1 and #2, it just means that the spam-bot
spider needs to run the page through a full rendering engine before
looking for the email addresses. (This also often fixes the problems
with 3, as these links tend to be hidden from the user, so rendering the
page hides them from the spider too. As to blocking the spider, a
malicious spider is not apt to identify itself as such, but would
identify itself as something like IE or Firefox, and if it used a big
enough bot-net to scan the pages, might be able to fly under the
detection radar for methods checking accesses rate per IP address. Now
all of these steps are somewhat expensive in terms of resources needed
to do, so the vast majority of spam-bot-spiders won't go to these
measures, but it is possible for someone to do. Because of the higher
resources needed to gather the names, it is likely to only be worthwhile
for something more sophisticated than plain old spam, but perhaps a
focused scam might rise to the level that would make it profitable.

Richard Damon

This thread: