[clug-talk] anti email harvesting (was Website Changes)

Jarrod Major jmajor at clug.ca
Fri Nov 19 11:15:24 PST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 19 November 2004 4:31 am, Niels Voll wrote:
> As a user I have always disliked the form submission quite a bit,
> because it does not leave me with a record of my submission in my mail
> client's "Sent" folder; So when given the choice I avoid those forms.

I'm sorry that you are biased against this type of submission. Ultimately, you 
use whatever method you are comfortable with. The form was created this way 
to prevent more SPAM from coming our way. Nick provided an excellent 
technique of dealing with this and I may change the form to give the user of 
mailing themselves a copy of the message.

> In addition, I have lost some messages, due to accidentally closing the
> browser window or tab before having sent the message. This happens once
> in a while when one is multi-tasking or interrupted while composing a
> message. My email client tends to be much more forgiving that way - it
> asks, if I want to save the draft message before it quits the
> application. So personally, I just don't find a submission form
> particularly user friendly.

I have a suggestion for this. Compose your message in a text editor and copy 
the message into the textbox when you are ready. This effectively deals with 
both problems actually, you can keep your own copy of the file and where it 
was sent. No it's not as convenient as having a record of it in your email 
client. If the web app times out or craps out for some reason you can try 
again as many times as it takes to submit it.

> And the submission form is not a particularly high guarantee of
> anonymity for the user of the form. Unless the sender sits behind a
> gateway or proxy mechanism of some kind, which is shared by many people,
> in many cases the identity of the sender could be correlated via IP
> addresses rather easily, if a reasonably recent email from the sender is
> available. So while the website operator / recipient of the form based
> message may promise not to check IP addresses, this is of little
> consolation to anyone with a bit more technical savvy, who desires
> guaranteed anonymity. I bet most of us could figure out the identity of
> a high percentage of CLUG members by IP address. In some cases it may
> narrow it down to 2-3 people because they are sitting behind a common
> gateway or proxy-server, but even that is not particularly anonymous.

The Board is not interested in chasing down people who submit, this goes for 
the Suggestion/Comment box. Sure there are server logs. I could also have 
included code to track IP's. It was decided that this was not important and 
ultimately not accurate anyway. With the high level of expertise in this 
group, I would not be surprised if anyone within it that wanted to submit 
something anonymously could probably do so.

This point is digressing. The bottom line is that if someone wants to indicate 
who they are or how they can be reached they may include this in the message. 
The form was designed simply. It works. The one suggestion that I will be 
implementing is a way to select multiple Executive Board members if the user 
wants to send multiple people as once but not the whole Board.

> But since I can send regular emails to the CLUG folks, it doesn't bother
> me that the form is on the CLUG site for those people who feel
> differently than me  :)

Exactly, it's all about choice. You choose to communicate this way, for others 
we have the Executive contact form and the Suggestion/Comment box. I find it 
very interesting that so many people are questioning the validity of this 
endeavor. The intention is to provide as many ways to reach us as possible. 
We are trying to avail ourselves to anyone who cares to contact us. I can 
tell you that not every Executive reads every single message on this list and 
not necessarily every day either. If you want guaranteed success, you can use 
the form or mail us directly. We haven't hidden our email addresses on the 
mailing lists (they are in the archives) so it's not hard to fin out how to 
get in touch with us.
- -- 
Jarrod Major
GPG Fingerprint: FA4A 1EA3 A0EE A842 07BB  804C 0090 14F6 BE6E DE3D
CLUG President
Registered Linux User: #224211
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iQCVAwUBQZ5GWgCQFPa+bt49AQJbWwP9HYPgXXAjsBRwCb4fH9dync2GymeyTHKW
n5EqLQpj9IKmsmnfLiNxTL02PlVrgPXMotZDvfc3PdfnIm/q3/qruMZMA+dv2ohg
2/rNAx77yPmaK4eD+vQDtwrgwzV0iRrkIYaODThgdlbaopU9YfQuZa3s2K4mr5Tt
QoJVDiK6ON0=
=LysH
-----END PGP SIGNATURE-----




More information about the clug-talk mailing list