Mailing list hosting under @scheme.org Lassi Kortela (05 Dec 2023 19:47 UTC)
Re: Mailing list hosting under @scheme.org John Cowan (05 Dec 2023 20:06 UTC)
Mailing lists and archival Lassi Kortela (05 Dec 2023 20:17 UTC)
Re: Mailing lists and archival Arthur A. Gleckler (06 Dec 2023 02:12 UTC)
Re: Mailing lists and archival Lassi Kortela (06 Dec 2023 21:17 UTC)
Re: Mailing lists and archival Arthur A. Gleckler (06 Dec 2023 21:19 UTC)

Re: Mailing lists and archival Lassi Kortela 06 Dec 2023 21:17 UTC

> Spammers harvest email addresses from public lists, and some people
> are worried about that.  That's why I like that Simplelists's web mail
> archive hides addresses.  I do backups that preserve everything, but
> I'm not sure we'd want all the addresses to be easily scraped.

We can't rely on secret archives for anything. That doesn't build trust,
and doesn't ease "truck number" worries.

Currently we record standard Unix logs (e.g. ssh and http traffic) on
the servers. Those are secret in the sense that only people with access
to the server can read them. But the logs are also quite ephemeral. We
should eventually crunch statistics out of them for public consumption.

I expect that mailboxes on the list server would be secret in a similar
sense: people with logins to the server can read the full headers, and
those headers are redacted for archival copies.

To hide email addresses specifically, they could be hashed and a mapping
from hashes to cleartext could be distributed separately. Or we could
simply base64 encode the addresses.

The Gitea spam suggests to me that spammers are starting to use advanced
AI to crawl sites. It cannot possibly be profitable to write specialized
software to spam Gitea, so I assume they have an AI that can adapt to
any site where you create accounts and post messages to text fields.
(The Gitea spammers created repos and issues!) Such an AI will probably
soon be able to spot and decode base64 strings.