Volunteering for OSS == Sign Up for Spam?

bckspc asks: "I've been getting pounded by spam lately, so did a Google search on my email address to see where it might appear on the Web. To my horror, it turned up several times in an archive of a Gnome listserv for a project I briefly participated in. While the email address is visibly obscured on the Web pages, it is quite intact in the HTML code. I emailed the list admin about obscuring or removing my email address, but was curtly dismissed. I'm a relative newbie and the experience soured me on participating in other OSS projects. How to Slashdot users deal with this? Must I set up disposable email accounts for every list?"

Short on solutions bar list admins clueing up

[ffub]

Try using simply foss@domain for lists, and them filter ad filter and filter it. I do agree this is very annoying, and although some listservs do respect this and change the email addresses on list servers, this can't be relied apon. I can't choose my participation based on which projects are going to give my email away.

The only solution that will effectively work (until we fix the spam problem all round) is for list admins to be more careful about munging email addresses to some degree.

The default setting for programs such as pipermail should be one where email addresses are not explicitly displayed.

The best solution I've found to solve problems with email addresses online is Jodrell's mailto php script which renders the address obfuscated but displays it correctly in the browser using JavaScript.

http://jodrell.net/projects/mailto [jodrell.net]

Yes

[innerlimit]

Set up an account to only receive mails from the lists you joined. Junk everything else.

use multiple disposable email addresses

[lanroth]

Years ago I setup a Freeserve [freeserve.co.uk] account which allows me to receive email to anything@myaccountname.freeserve.co.uk

Whenever I need to put my email address somewhere public (i.e. mailing lists and websites) I make up a new email address of the form mailinglistname@myaccountname.freeserve.co.uk or websitename@myaccountname.freeserve.co.uk e.g. the email address I gave slashdot is slashdot.org@myaccountname.freeserve.co.uk

The good part: when I start getting spam to a particular address I just setup a filter that sends all mail to that address to /dev/null It also lets you know where your email address was harvested from. So when I get spam turning up on slashdot.org@myaccountname.freeserve.co.uk I know it was slashdot who sold my email address to the evil spammers ;-)

If I want to receive mail from slashdot again I just change my email on slashdot to slashdot.org2@myaccountname.freeserve.co.uk

Interestingly most of the spam I get comes in to the email address ebay.co.uk@myaccountname.freeserve.co.uk

This has worked very well for me for several years.

Spamgourmet

[Justin Ames]

use a spamgourmet.com address for anything that may ever become public. It's free, and after a specicified number of emails it blocks the address. You just sign up, and everytime you give out an email, you make up on the spot a keyword.numberofemails.username@spamgourmet.com email address, and spam gourmet automatically blocks after that number, you can then allow trusted domains through forever if you want.

Re:Spamgourmet

[pancakeunicorn]

I second the recommendation. Excellent service.

The same user name is good for multiple domains as well, i.e., slashdot.4.johndoe@spamgourmet.com would be interchangeable with slashdot.4.johndoe@neverbox.com. I don't remember the other domains off hand.

If you don't like making a different address for each use, despammed.com has an effective filter and you can opt to forward it on to another address.

Re:False sense of security

[Maestro4k]

• The other thing I do now (which I'd have done earlier, had I the resources) is give each company I do business with it's own address. While this doesn't cut the spam, it does allow me to track who's been selling my address, and who hasn't. Yahoo and Ebay (both previously mentioned in other threads) have been the main culprits thusfar, although there are a few smaller companies I've caught as having sold their email lists as well.

For those that don't have their own domain or ability to create new E-mail addresses at will, check out Spam Gourmet [spamgourmet.com]. It allows you to create disposable E-mail addresses on the fly. You can tell it how many E-mails will be allowed at that address (from 1 to 20). Once that many are received the address expires. Part of the brilliance of it is that when an address expires it doesn't start bouncing, any E-mail to it just gets /dev/nulled. Spam Gourmet does track how many E-mails get eaten so you can see how badly the spammers THINK they are spamming that address. It's much fun to check and see you've missed out on hundreds or thousands of spam mails.

There's more to it than that for those willing to dig into the advanced options. You can add trusted senders so if you're on a mailing list in archive form, you can use a disposable E-mail for it. None of the trusted sender's E-mails lower the counter of remaining E-mails to that address, and they will continue to get through to you even after the address has dropped to 0 remaining. You can set it up so the E-mails it forwards to you are ready for you to reply through Spam Gourmet, masking you real address so it looks like it came from the disposable one. You can also go in and adjust the remaining E-mails left on an address, both up and down.

Since I started using it I've had less spam problems, and I can tell you every company that sells my address. It's a great service and totally free!

The answer is yes.

[/dev/trash]

Go to Sneakemail [sneakemail.com] and sign up. It makes life so much easier.

Re:use multiple disposable email addresses

[CritterNYC]

Years ago I setup a Freeserve account which allows me to receive email to anything@myaccountname.freeserve.co.uk

Whenever I need to put my email address somewhere public (i.e. mailing lists and websites) I make up a new email address of the form mailinglistname@myaccountname.freeserve.co.uk or websitename@myaccountname.freeserve.co.uk e.g. the email address I gave slashdot is slashdot.org@myaccountname.freeserve.co.uk

This will work great... right up until the point that your domain is subject to a dictionary attack by a spammer. You'll suddenly see your spam load go through the roof. And you won't be able to setup filters for each new iteration fast enough. And if it's your own server or you pay for bandwidth, your costs just keep rising.

You're better off creating real aliases for each new account and letting the server respond with a 550 invalid user for all others.

If you haven't been dictionary attacked yet... just wait... it'll happen... sooner or later.

Run your own mail server!

[uslinux.net]

One more reason why running your own mailserver is the way to go. Sendmail, for instance, easily supports virtual user tables (virtusertable) - aliases, basically. Use a rule like:

USERNAME+%2@yourdomain.com USERNAME

Which will deliver all mail in the form of bob+amazon@hisdomain.com to bob@hisdomain.com. Use a different name on each site, but you don't need to create aliases for each user. When you start getting spam to that address, just add a line *before* the one above of

USERNAME+SOMESITE@yourdomain.com error:nouser User has been removed because of SPAM

I only wish I had started doing this before my primary addresses had been harvested :-(