Message from Fodor's
Jun 24th, 1999, 09:30 AM
#1
Guest
Posts: n/a
Message from Fodor's
For all of you concerned with issues of privacy, our programmers have just devised a system which encodes your e-mail addresses. This should make it more difficult for spammers to get through to you.
Please keep in touch with us -- either through the forum, or by sending us emails to [email protected] if you experience any more spamming instances or problems of another sort. We'll try our best to remedy them as soon as possible.
We apologize for any inconvenience you all may have undergone and hope you'll continue to visit our forums!
Sincerely,
Kanika P. Chopra
Associate Producer
Fodor's Travel Online
Please keep in touch with us -- either through the forum, or by sending us emails to [email protected] if you experience any more spamming instances or problems of another sort. We'll try our best to remedy them as soon as possible.
We apologize for any inconvenience you all may have undergone and hope you'll continue to visit our forums!
Sincerely,
Kanika P. Chopra
Associate Producer
Fodor's Travel Online
Jun 24th, 1999, 10:09 AM
#2
Guest
Posts: n/a
Pardon my ignorance on this subject, but if my email address shows up in plain text, as it does above, what good does the encoding do? Anyone who wants it can still read my plain text email address above.
Could you please explain what the benefits of encoding are?
Could you please explain what the benefits of encoding are?
Jun 24th, 1999, 11:22 AM
#6
Guest
Posts: n/a
Encoding converts all messages posted to the forum into javascript segments rather than the "plain text" Bob mentioned. So every character in the e-mail address is converted to it's ASCII number, and then the HTML entity value for that number.
However the point of the encoding is not so the human eye can't see the email address, but so e-mail collectors/spammers cannot automatically retrieve the addresses from the code. Encoding makes it harder for such spammers to collect your personal data. They can still manually collect it but with much greater effort on their part. And this type of encoding still affords you, our forum users, the ability to contact each other when necessary.
By the way, the reason both Paulo and Al can't see the e-mail addresses anymore is because they more likely have javascript turned off on their browsers.
I hope this clarifies what we've done on our end, and results in a lot less e-mail spam from unwanted vendors!
However the point of the encoding is not so the human eye can't see the email address, but so e-mail collectors/spammers cannot automatically retrieve the addresses from the code. Encoding makes it harder for such spammers to collect your personal data. They can still manually collect it but with much greater effort on their part. And this type of encoding still affords you, our forum users, the ability to contact each other when necessary.
By the way, the reason both Paulo and Al can't see the e-mail addresses anymore is because they more likely have javascript turned off on their browsers.
I hope this clarifies what we've done on our end, and results in a lot less e-mail spam from unwanted vendors!
Jun 24th, 1999, 11:34 AM
#8
Guest
Posts: n/a
Being computer illiterate (& can't spell either)--I'm not sure what you just told me--but thank you for assuring us that the spammers won't be able to collect our addresses for junk mailings. However--does this mean I can no longer cut & paste an address so I can answer the person directly? Or do I have to "hand write" it and then send my email out? Thanks again.
Jun 24th, 1999, 06:25 PM
#12
Guest
Posts: n/a
You're right Kanika. Although I have both, Java and JavaScript enabled, apparently there is a bug in my browser. (I'm still using the old Netscape 3:01 Gold). To see the encoded bit, I have to open any of the Preferences in Options and close it with an ok ... and that for every single new page I visit 
Guess I'm going to get myself a newer version.
Paulo
Guess I'm going to get myself a newer version.
Paulo
Jun 25th, 1999, 04:48 AM
#14
Guest
Posts: n/a
Thank you so much Kanika and Fodor's! I had begun to receive a lot of nasty emails from abroad (I'm Italian), so I had decided not to use my real email anymore...I hope this encoding solved the problem of the spammers...by the way, this is real slang! I looked it up, but 1996 dictionary doesn't report what a spammer is!
Jun 25th, 1999, 06:23 AM
#15
Guest
Posts: n/a
Here is a description of spamming.
(Until now, I thought Spam was a canned meat something or other. But there is a new meaning.)
Spamming is the practice of using email addresses, often purloined, to send the same message over and over to large numbers of various users. Newsgroups are good targets because they reach a lot of people. The spammers don't care what they send because laws don't prohibit it. The sender also gets off free of cost. About the only thing to stop the practice is ethics. And porno houses are well known for having impeccable ethics -- right??
The spammers like to break into systems, particularly older Unix boxes, and grab the whole /etc/passwd file, which in some older versions displays the full user addresses, even the encrypted password. Newer versions of Linux and Unix now shadow the passwords (only the letter x shows)but many /etc/passwd files still show enough of the user names that if you have the full domain name or the IP address of the server, you can take a chance on the email addresses. All you need is one good break-in and the /etc/passwd file is readable and user names are visible. So anyone can read user names like jjones. If you know which computer you are on, the name [email protected] has a good chance of finding a real live mailbox.
The only real remedy is to get your delete key oiled and ready; and keep your delete finger poised and flexed.
If someone wants to hire enough cheap labor, email addresses can be manually copied. In an 8 hour day, a quick-fingered person could copy a bunch of addresses off of a board like Fodor's. The method described by Kanika will slow down the big time spammers, but the user names and addresses are still there for the reading.
(Until now, I thought Spam was a canned meat something or other. But there is a new meaning.)
Spamming is the practice of using email addresses, often purloined, to send the same message over and over to large numbers of various users. Newsgroups are good targets because they reach a lot of people. The spammers don't care what they send because laws don't prohibit it. The sender also gets off free of cost. About the only thing to stop the practice is ethics. And porno houses are well known for having impeccable ethics -- right??
The spammers like to break into systems, particularly older Unix boxes, and grab the whole /etc/passwd file, which in some older versions displays the full user addresses, even the encrypted password. Newer versions of Linux and Unix now shadow the passwords (only the letter x shows)but many /etc/passwd files still show enough of the user names that if you have the full domain name or the IP address of the server, you can take a chance on the email addresses. All you need is one good break-in and the /etc/passwd file is readable and user names are visible. So anyone can read user names like jjones. If you know which computer you are on, the name [email protected] has a good chance of finding a real live mailbox.
The only real remedy is to get your delete key oiled and ready; and keep your delete finger poised and flexed.
If someone wants to hire enough cheap labor, email addresses can be manually copied. In an 8 hour day, a quick-fingered person could copy a bunch of addresses off of a board like Fodor's. The method described by Kanika will slow down the big time spammers, but the user names and addresses are still there for the reading.
Jun 25th, 1999, 07:43 AM
#16
Guest
Posts: n/a
So, do you want email addresses removed outright?? I think that would suck, personally... As someone else said (I think on the Europe forum), that would make it hard to keep the Pams, Cheryls and Richards straight... As for breaking into Unix systems... I find that a little unlikely and paranoid... There is the risk of getting prosecuted, blah blah blah, and why bother when you have the usenet and you can do something as simple as a perl script to retrieve the "From: " Header? It's just good business sense _not_ to break into other peoples systems... And, I don't think that the spammers are hiring people to _manually_ type in emails... Again, not good business sense... There's that whole thing of diminishing returns that they would think of, they're evil, but they're not stupid, dontcha know?
Jun 25th, 1999, 01:27 PM
#17
Guest
Posts: n/a
Emmett: Are you saying that people don't break into Unix and Linux based computers? I recommend you talk to someone who is the head of a major computer center that runs Internet-accessible computers. Virtually any systems administrator can
give you the low-down on break in attempts. Before Linux/Unix systems started using shadowed passwords, people could pilfer the whole /etc/passwd file and run a program that would endeavor to recover plain-text passwords.
give you the low-down on break in attempts. Before Linux/Unix systems started using shadowed passwords, people could pilfer the whole /etc/passwd file and run a program that would endeavor to recover plain-text passwords.
Jun 25th, 1999, 06:08 PM
#18
Guest
Posts: n/a
No, I'm saying the breakins are not part of any business policy. As one who knows about how the breakins happen, I wouldn't say that they don't. I would also say this, that the issue of breakins happening is orthogonal to a discussion on spamming. Imagine you're a business, and you need to get email accounts. You can write a program that crawls around the newsgroups, which have formatted the email nice and easy, so you can just scoop it out, you can write a spider that searches web pages, or you can write a program, very similar to SATAN that automatically tests vulnerabilities in random hosts and retrieves their /etc/passwds.
The effort involved in the newsgroup version is minimal, AND it's a directed list you get : All people who like to read alt.sex.hamsters.
You can sift through web pages, and then you don't have that much direction _unless_ it's one like this, where all the users are into travel. (A little more expensive than the above, but not that much more, it's just a perl script to extract the emails.)
Finally, you have the third option, where you get no direction at all, save all users who are panix users, or whatever ISP users. AND you have the probability which nears certainty if you continue to keep doing this, that someone _will_ prosecute you for it. (since this is a concerted business effort)
Again, as a business case, just looking at cost benefits option 1 and 2 look orders of magnitude better than option 3.
And, if you look at how they work, that is in fact how they do it.
I'm not denying that breakins occur, I'm simply saying that spammers are _not_ systematically breaking into computer accounts to gather email. _Most_ of the breakins are just your fourteen year olds who have nothing better to do than read www.rootshell.com all day... I'd bet money that the percentage of breakins perpetrated by a business as part of a concerted effort pales in comparison to the 14 year olds, and the 14 year olds are not the spammers.
Emmett
The effort involved in the newsgroup version is minimal, AND it's a directed list you get : All people who like to read alt.sex.hamsters.
You can sift through web pages, and then you don't have that much direction _unless_ it's one like this, where all the users are into travel. (A little more expensive than the above, but not that much more, it's just a perl script to extract the emails.)
Finally, you have the third option, where you get no direction at all, save all users who are panix users, or whatever ISP users. AND you have the probability which nears certainty if you continue to keep doing this, that someone _will_ prosecute you for it. (since this is a concerted business effort)
Again, as a business case, just looking at cost benefits option 1 and 2 look orders of magnitude better than option 3.
And, if you look at how they work, that is in fact how they do it.
I'm not denying that breakins occur, I'm simply saying that spammers are _not_ systematically breaking into computer accounts to gather email. _Most_ of the breakins are just your fourteen year olds who have nothing better to do than read www.rootshell.com all day... I'd bet money that the percentage of breakins perpetrated by a business as part of a concerted effort pales in comparison to the 14 year olds, and the 14 year olds are not the spammers.
Emmett
