Hello Drew,
I was thinking about mailing lists and if they're a viable
implementation as a comment system for a blog or website and something
came to mind: Wouldn't the email addresses being displayed in public get
spammed?
Also does lists.sr.ht allow users to hide their email addresses?
Thanks
On 23/10/15 10:55, Ahmed Mazen wrote:
>This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.>More info on https://simplelogin.io/docs/getting-started/anti-phishing/>>------------------------------>Hello Drew,>>I was thinking about mailing lists and if they're a viable>implementation as a comment system for a blog or website and something>came to mind: Wouldn't the email addresses being displayed in public get>spammed?
Hello Ahmed and Drew,
I hope I’m not mistaken by answering this "public-inbox" mail. I feel
that this is one benefit of a "public-inbox" but feel free to tell me
that this should not be done.
I stumbled upon this message by exploring what a "public inbox" was and
thinking about setting my own and felt I had quite some experience to
add my 0.02€.
I use simplelogin.io (with a custom domain) to create an email alias for
each single website I use. This allows me to track the origin of spam
extensively. You are right: most public email addresses ends up being
spammed, sometimes very quickly.
This is the case for:
- every email listed on my own website.
- email used only once on FreeBSD bugzilla
- email which appeared only on my gemini capsule at the time
- email used only once to report a Debian bug (was spammed less than 15
days after)
- email used in the changelog of my own software
(a lot more but which is out-of-scope here)
So it looks like it is everywhere, right?
Well, for some strange reason, it is not the case for:
- email associated with git commits, on both github, gitlab and
sourcehut
- email used on some openbsd mailing-lists
- email used on sourcehut
To this day, I have no idea if there is something done especially in
those cases or if it is plain luck. Personally, I consider that any
public email will ends, sooner or later, being spammed and in databases.
Spammed doesn’t means 100 mails a day. It usually means a bunch of 4/5
emails in a row every week/2 weeks, with some random spam/scam
inbetween. This might not seem much until you realize that it is "per
address" and the spams are not always the same, so they add up. If I had
used the same adresse everywhere, I would ends up with multiple spams
every day (yep, I did some statistics).
I’ve also discovered some patterns which seem to indicate addresses
being added to databases. One of those pattern is an address starting to
receive spams months (if not years) without receiving anything. Also two
completely unrelated spammed addresses randomly receiving exactly the
same content.
The older address I’ve haven’t been used for 15 years and has been
completely disabled (thus replying with "user not found" for more than 5
years). This adress still receive more than 5 spams a day.
The conclusion is without appeal: any public address will, sooner or
later, be spammed (at least you should consider it that way) and once it
is public, there’s no way to retract it.
I can live with it myself as I use an alias everywhere and can quickly
disable it. But this is not the case for everyone, it involves some
convolutions to post/reply to mailing-lists. And lists such as this one
expose the mail of everybody.
>>Also does lists.sr.ht allow users to hide their email addresses?
I remember a discussion about it where Drew said it was not the case. I
don’t think it has changed (as a sourcehut user myself, I can’t do it.
But, again, my sourcehut alias is one of the very few public aliases
which never received any spam. I don’t know what Drew did but, so far,
it works! Thank you Drew ;-)
Also, hiding mail address would break one core feature of sourcehut
which is allowing people without a sourcehut account to reply.
>>Thanks>
--
Ploum - Lionel Dricot
Blog: https://www.ploum.net
Livres: https://ploum.net/livres.html
My email is publicly visible on multiple sites
(including my own), and I've received one singular spam message to the
account _ever_, in the nearly two years I've used it.
It could just be that Migadu's spam filters are unusually good, but I
have it configured to filter to the spam folder, which. has exactly zero
spam entries in it right now.
That said, I've heard from others that they _did_ end up having to hide
their email on their own site to reduce spam, and that doing so
noticably reduced the rate at which they received it.
I'm just confused why I never get any, to be honest. I don't think I'm
doing anything _too_ unusual?
Figured I'd contribute my experience to the conversation, since it seems
to deviate noticably from the norm :)
- Noam Preil
I occasionally get spam to my (self-hosted and
publicly available) email address, but only from
those purporting to be Chinese factory
salespeople that want to sell me furniture in
bulk.
So I think it's just the luck of the draw.
--
Sebastian LaVine | https://smlavine.com
Hey All,
Thanks for your replies. It seems displaying public email wouldn't
attract as much spam as I thought.
What about spam to the mailing list instead? Derailing the conversation
through flooding the mailing list or flooding the current topic. And I
don't mean with slurs or obvious spam text but AI generated text.
I was thinking that with _insert big social media company here_, they
would have this problem solved as the barrier to entry is an account
that's verified with a phone number(which are typically unique). Bad for
privacy, bad for usability, good for ensuring no spam.
I like the ability to contribute to a conversation without an account to
the platform. But I wonder whether or not it is viable for a discussion
platform.
I also wonder if this is an issue worth considering since, after all,
premature optimization is the root of all evil.
Would really love input on this. Thanks.
On 23/10/19 01:47, Ahmed Mazen wrote:
>Hey All,>>Thanks for your replies. It seems displaying public email wouldn't>attract as much spam as I thought.
Well, it happened this morning for the first time. Two spam in a row to
my sourcehut email address. Both using "~lioploum" as the recipient
name, something I don’t use anywhere but on sourcehut (I’m usually ploum
but it was already used on sourcehut).
So, as I said, it was just a matter of time. I can consider this address
as compromised.
>>What about spam to the mailing list instead? Derailing the conversation>through flooding the mailing list or flooding the current topic. And I>don't mean with slurs or obvious spam text but AI generated text.>>I was thinking that with _insert big social media company here_, they>would have this problem solved as the barrier to entry is an account>that's verified with a phone number(which are typically unique). Bad for>privacy, bad for usability, good for ensuring no spam.>>I like the ability to contribute to a conversation without an account to>the platform. But I wonder whether or not it is viable for a discussion>platform.>>I also wonder if this is an issue worth considering since, after all,>premature optimization is the root of all evil.
Drew may have data but, so far, I haven’t seen any spam on any sourcehut
list. I think it helps that, by default, HTML emails are blocked on
sourcehut ;-)
>>Would really love input on this. Thanks.>
--
Ploum - Lionel Dricot
Blog: https://www.ploum.net
Livres: https://ploum.net/livres.html
On 10/19/23 18:07, Ploum wrote:
>> Drew may have data but, so far, I haven’t seen any spam on any sourcehut> list. I think it helps that, by default, HTML emails are blocked on> sourcehut ;-)
I was thinking about LLM generated text. That is, text that looks like
it was made by humans but was generated by a computer but looks
convincing enough to fool people.
The sinister part of it is that as mailing lists become popular, some
people might use LLMs to derail conversations or simply spread
misinformation. On Twitter, you could search for ChatGPT's "There Was an
Error Generating a Response" and you could find thousands if not
hundreds of thousands of tweets with that text indicating that there are
Twitter accounts that are completely AI generated.
In the older mailing lists, the technology wasn't as developed as it is
now. Now that it is developed, the amount of spam that can be sent to a
server is profound because it is harder to detect.