[SIGCIS-Members] SIGCIS member directory listings are intentionally public, thus harvestable
Gallo, Jason A
jgallo at ida.org
Mon Nov 27 12:01:28 PST 2017
I just did some quick triage and turned off the display of email addresses on the page. The page itself is still public but the addresses should no longer show.
Tom raises a good point about modernizing the site and the utility of having an up-to-date public directory.
From: Members [mailto:members-bounces at lists.sigcis.org] On Behalf Of Thomas Haigh
Sent: Monday, November 27, 2017 2:53 PM
To: 'members' <members at sigcis.org>
Subject: [SIGCIS-Members] SIGCIS member directory listings are intentionally public, thus harvestable
The mail is clearly not coming via the SIGCIS list. Indeed the sender is not even bothering to fake it – the sender identifies itself as
>> SIGCIS <mekesb at kobatti.net<mailto:mekesb at kobatti.net>>
so is not even bothering to fake the sigcis.org domain or the correct user name of “members.”
Harvesting the names does not require a “back door” into the directory – the directory is a public web page. So presumably some spam engine harvesting names and emails has stumbled across it. (Sidenote: I know some people still try to avoid this by writing out the “at” in their address or adding spaces, but I suspect any self-respecting script creator would long ago have automated the harvesting of names in these formats).
Thus the possibility of getting spammed is inherent in having a public member directory. We used to make efforts to keep the directory up to date and produce a print version of those attending SHOT to help members get to know each other without spending the whole lunch meeting on introductions. But that practice has lapsed, and in the age of mobile devices would be of questionable usefulness today.
It’s probably been something like seven years since we made a serious effort to edit profiles and reach out to members whose entries were out of date. It might be time to either modernize the directory or take it down entirely.
A few years ago some volunteers talked about developing a media availability list on the site, to help direct journalists to subject matter experts willing to give a quick turnaround with quotes. Replacing the current directory with an up to date and focused list of this kind might be a good idea, if anyone is willing to revive the project.
From: Members [mailto:members-bounces at lists.sigcis.org] On Behalf Of Paul Edwards
Sent: Monday, November 27, 2017 1:32 PM
To: members <members at sigcis.org<mailto:members at sigcis.org>>
Subject: [SIGCIS-Members] more SIGCIS spam
Hi all - I’ve received one spam email from this person via SIGCIS, and now s/he is following up with another.
Anyone else being harassed by him/her — or possibly “it”?
Given the other recent spam, it’s looking like there is some back door to the member directory.
Begin forwarded message:
From: "Alexa Austin" <alexa.a at telemarketingtech.com<mailto:alexa.a at telemarketingtech.com>>
Subject: RE: SIGCIS
Date: November 27, 2017 at 10:02:47 PST
To: <pne at umich.edu<mailto:pne at umich.edu>>
Any updates for me on below?
Await for your reply.
Thanks & Regards,
L i s t | A p p e n d | C a m p a i g n
Append Test : Send us 25 to 50 contacts in an excel sheet from your in-house database with missing email address, telephone numbers, fax numbers or mailing addresses, we can append it for you at free of cost, this will help you check the quality of our services.
From: Alexa Austin
Sent: Monday, November 20, 2017 2:39 PM
I found that you are a member of “The Special Interest Group for Computers, Information, and Society Directory”. We are the global database service provider. Would you be interested in acquiring potential clients list to market your products and services as per your required location? Would it be Ok if I send you a list of some sample contacts? If yes, please give me your requirement below, and I’ll send you the list for a review.
Target Industry? ___________
Target Job titles? ___________
Target locations? ___________
Alternatively please forward this email to the right person in case you are not in charge.
Looking forward to see a good client relationship.
Thanks & Regards,
L I S T | A P P E N D | C A M P A I G N
If you wish not to hear from us again, reply “STOP” in subject line.
Paul N. Edwards
William J. Perry Fellow in International Security
Center for International Security and Cooperation<http://cisac.fsi.stanford.edu/>
Professor of Information<http://www.si.umich.edu> and History<http://lsa.umich.edu/history/>
University of Michigan
m: pedwards at stanford.edu<mailto:pedwards at stanford.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Members