Travis posted on Thu, 28 Jul 2011 15:17:28 -0700 as excerpted: > -----Original Message----- > From: Steven D'Aprano Sent: Thursday, July 28, 2011 12:36 PM To: > pan-users@nongnu.org Subject: Re: > [Pan-users] Munging? > > Beartooth wrote: >> My posting profiles all require an email address. Can it a/o should it >> be a munged one -- say with space-paren-at-paren-space instead of @? > > You mean something like this? > > fred (@) example.com > > > That's not a valid email address, because the @ sign is commented out. > (Yes, email addresses can include comments. Many mail clients don't > allow them, because they are stupid and don't follow the standard, but > it is legal.) > > If you are just making up an address, why not just do something like > this? > > inva...@nowhere.com > > > > It would be more appropriate to use > invalid@invalid.invalid. > > Someday somewhere somebody might register nowhere.com
I can't actually see what those addresses are, as I'm reading thru gmane, which munges them (tho it can be noted that the gmane munges are valid as forwarding addresses if the original address was valid, it just goes thru the gmane despammer first). However, what I've long done here for real news (that is, non-gmane/non- list) is use something like the following (with the @ further munged to avoid gmane scrambling, but it should be obvious): news.duncan (at) cox.replytogroup.net.please 1) Add the munging on the domain side of the @ so your ISP (or your own mail server if you're so lucky) doesn't have to deal with it) 2) Use at least two-word domain munging, alternating valid and invalid (cox is valid, replytogroup is invalid, net is valid, please is not), with the intention of making it more difficult for automated spambot demunging while still making it reasonably easy for real for humans. 3) The user side of the @ is valid as-is (news.duncan, not simply duncan, not simply news), so if a spambot /does/ successfully demunge the domain side, if they try the same technique on the user side, they'll be a minor headache for the mail server (unavoidable once the domain munging is cracked) but it still won't get me. 4) Make the tld (top-level-domain, like .com, here, .please) invalid, so anything that tries to use the address as-is isn't going to put any more load on the system than necessary (the first TLD dns returns invalid, operation goes no further), trying to validate dns. That's it for the address munging. However, there's two (or three, depending on how they're counted) additional components to my scheme, as well. 5) In my mail client, have a keywording filter. For any mail that comes in to that address, the filter looks for " -news" at the END of the subject line. (No-quotes, space, dash, news, END) So a properly keyword-added subject line for replying directly to me for this thread (were it on a newsgroup where I use the munged address, not a list where I use my list address) would be: Re: Munging? -news Anything coming in at that address without that " -news" at the end of the subject line gets trashed (as do all HTML messages coming in there). 6) Completing (almost) the setup, I make use of pan's custom-header capacities, adding these instructions as custom headers. Note that the x- is specified in the RFCs as a prefix to be assigned to custom headers, to be sure they don't conflict with any non-custom headers: x-munging1: Usenet replies preferred, If replying by mail, x-munging2: do ALL the following to avoid the spam traps: x-munging3: 1) Use plain text. HTML format auto-trashed. x-munging4: 2) Kill address reply2group and please phrases. x-munging5: 3) Put " -news" at the END of the subject x-munging6: (no quotes, space, dash, news, END) 7) Finally, Replacing the first line of my list sig as used below, I have this: Duncan - Newsgroup replies preferred. See x-munging headers for mail. That: a) makes the point that I prefer news replies. b) "gently" encourages them by forcing people to look at the headers and jump thru some hoops to actually get a valid email address, and then to add the keyword so I actually see the message. c) makes it known that replying via email is still possible when necessary, referring people to the instructions in the headers. d) rather more strongly "encourages" people who aren't intelligent enough or simply don't care enough to follow instructions and who would thus unnecessarily "reply to all" or "reply to sender" instead of to the newsgroup, to instead "reply to group". If they can't even care enough to notice that, the message couldn't have been that important anyway and would be a milder form of spam anyway, simply wasting my time, so if it doesn't get to me, oh, well... Taken as a whole, this scheme has been *VERY* successful for me over the years. Despite my posting a demungable address quite visibly to various newsgroups over the years, the number of spam hits on the news.duncan address remains very low, and could well be due to spambot address randomization. And the keywording has been 100% effective in killing them. No spammer is likely to tailor message subjects specific enough to get around it, and if one ever does, it's simple enough to change the keywording rules and relevant header lines while retaining the rest of the system as-is. Meanwhile, I *HAVE* gotten a number of legitimate messages on that address from people over the years, where they cared enough to do the keywording as well. Further, the keywording has to be done only once per subject/thread. Once done for the first message, all replies automatically keep the same keywording so if the initial message ends up in an ongoing exchange, it "just works". If I trust the other end enough, I eventually give them one of my other addresses as a contact so they don't have to worry about the keyword filter on the news address for future messages. A 100% correct identification rate, no-false-positives, no-false- negatives, is considered impossible for the general case. (If it were ever possible at all, the spammers would soon get ahold of it and it would again be impossible.) However, this application is specialized enough that I seem to have accomplished it. Of course I can't know what messages never got to me as a result, but by definition, those were milder forms of spam anyway, and thus a waste of time, because the other end obviously didn't care enough about it to do it right (or was too dumb to know how to access the custom headers), so why should I care about it either? In any case, if they considered the message /that/ important and they saw no response, they /could/ reply via newsgroup, if even with a simple, "Hey, Duncan, I can't figure out your email thing, can you contact me directly at this address? <their address>" That way, they get to put their unmungable address out there in whatever munged form they choose, and I can respond to them. By similar token, anyone who DOES care enough to jump thru the hoops gets rather higher priority treatment, generally at least /some/ reply, which they might not otherwise, because I know the effort it took to contact me directly on that address in the first place, and thus, that they consider the message of at least enough importance to do so, regardless of whether I'd ordinarily consider it so or not. (In practice, however, I don't believe I've ever received a message that got thru those hoops that I didn't consider important on its face, so the fact that they consider it important enough to jump thru them only increases the priority for me. Of course, someone could be contrarian just to prove me wrong and break that 100% record, but again, it should be simple enough to block them if that ever happens. That it's so effective on the automated stuff already makes everything else easier to handle, even if someone starts deliberately targeting it.) Meanwhile, another alternative exists as well, particularly for you Beartooth, as I know you already use gmane. As I mentioned, their munged addresses remain valid -- it just goes thru their spam filters and gets forwarded to the unmunged address you used. As such, you could simply use the gmane munged version of your real address on non-gmane and gmane- but-unmunged groups/servers as well, and let gmane handle the spam filtering, forwarding, etc. Finally, it's worth noting that by virtue of the fact that gmane verifies addresses the first time they're used in posting to a gmane group/list, you cannot use a (non-gmane) munged address on gmane. So don't even try that, as the verification mail will go to the munged address and never get to you, so no message you post to gmane using such an address will ever make it. (Well, unless the address as-munged is valid as well, similar to the way gmane's munging works.) -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman _______________________________________________ Pan-users mailing list Pan-users@nongnu.org https://lists.nongnu.org/mailman/listinfo/pan-users
