On Thu, Dec 18, 2003 at 10:24:04AM -0500, aldercreek_at_qwest.net wrote: > I don't think there is any difference between Yahoogroups, moderated or not > and spam. I wouldn't count on that. A number of people, including me, have conducted controlled experiments using different email addresses on different ISPs in different countries. (This is sometimes called using "tagged" addresses: they're things like a7b8g92zbxba8273_at_example.com that are effectively impossible to guess and which are never exposed anywhere else.) When we pool results and do analysis, what we find is: 1. Signing up for a Yahoo mailing list does not guarantee that you'll get spammed at that address. BUT: 2. Email addresses which are known only to the owner and to the Yahoo list management service (i.e. which have NEVER sent a message to the list and which cannot be discovered by querying the mail server on which they reside) sometimes start getting spammed hours (!) to weeks after signing up for a Yahoo list. This means that there's a pathway from "some addresses signed up for some mailing lists at Yahoo" to "some spammers". And of course, once an email address is in the hands of "some spammers", it's the hands of MANY spammers. (See http://www.honet.com/Nadine/ for funny case history.) How is this happening? We don't know. But Yahoo is clearly behaving irresponsibly in a lot of other ways (hosting spammer web sites, hosting spammer mailboxes, resetting its users' privacy preferences, allowing list-owners to mailbomb, etc.) so it's hardly surprising; in fact, it fits right in. And lest you think that this is just paranoid speculation, let me point out that in the last two months alone, we've seen confirmed reports that (1) the LA Times sold/gave tagged email addresses to Experian (2) tagged email addressses given to United Airlines started getting porn spam from Brazil, and, most recently, (3) a web company (overstock.com) filed suit against a pair of former employees, alleging that they stole 3 MILLION customer addresses and sold them under-the-table to spammers. See: http://tv.ksl.com/index.php?nid=5&sid=62815 and http://deseretnews.com/dn/view/0,1249,565037182,00.html Is that what's happening at Yahoo? Maybe. Maybe not. Maybe there's a serious security issue instead. There's no real way to know, especially because the Yahoo abuse desk is legendary for its total lack of clue -- read 'em and weep: http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&safe=off&q=yahoo+abuse+desk&btnG=Google+Search&meta=group%3Dnews.admin.net-abuse.email so trying to even convince them that maaaaaaaaybe there's a problem that they really ought to look at is completely hopeless. So my advice to everyone is: a) Don't sign up your primary address for any lists hosted by Yahoo. Use something temporary that you can afford to abandon. (Unless you or your ISP/company/whoever have some very good anti-spam measures in place.) [Aside: same goes for Topica and a few others as well.] b) Don't host your mailing list there. There are plenty of alternatives (two of which are right here in front of you) that don't have these problems, so why take the risk? Or maybe more importantly, why ask your subscribers to take the risk? ---Rsk *************************************************************************** PaddleWise Paddling Mailing List - Any opinions or suggestions expressed here are solely those of the writer(s). You must assume the entire responsibility for reliance upon them. All postings copyright the author. Submissions: PaddleWise_at_PaddleWise.net Subscriptions: PaddleWise-request_at_PaddleWise.net Website: http://www.paddlewise.net/ ***************************************************************************Received on Fri Dec 19 2003 - 06:10:35 PST
This archive was generated by hypermail 2.4.0 : Thu Aug 21 2025 - 16:31:11 PDT