[SIGCIS-Members] SIGCIS member directory listings are intentionally public, thus harvestable

James Sumner james.sumner at manchester.ac.uk
Mon Nov 27 12:36:49 PST 2017


Thanks, Jason: that's a good first response.

FWIW, I still work on the assumption that email obfuscation works, 
although whenever I've looked for systematic research on the question 
I've found very little, and what there is is not recent. Anecdotally, my 
experience is that addresses with a mildly inconvenient level of 
obfuscation (character entities in the address, mailto link generated by 
a script) receive little to no spam.

A question that's always worth addressing for contact directories, 
though, is "What are the circumstances that would mean somebody would 
want to email one of these people without first reading more information 
about them, such as would be found on their webpage (which will provide 
a way to email them in any case)?" I took the email addresses off a 
local staff directory page some years ago for this reason: I couldn't 
see it being useful for anything *except* scraping for spam targets.

Best
James

On 27 Nov 17 20:01, Gallo, Jason A wrote:
>
> I just did some quick triage and turned off the display of email 
> addresses on the page. The page itself is still public but the 
> addresses should no longer show.
>
> Tom raises a good point about modernizing the site and the utility of 
> having an up-to-date public directory.
>
> Best,
>
> Jason
>
> *From:* Members [mailto:members-bounces at lists.sigcis.org] *On Behalf 
> Of *Thomas Haigh
> *Sent:* Monday, November 27, 2017 2:53 PM
> *To:* 'members' <members at sigcis.org>
> *Subject:* [SIGCIS-Members] SIGCIS member directory listings are 
> intentionally public, thus harvestable
>
> The mail is clearly not coming via the SIGCIS list. Indeed the sender 
> is not even bothering to fake it – the sender identifies itself as
>
> >> SIGCIS <mekesb at kobatti.net <mailto:mekesb at kobatti.net>>
>
> so is not even bothering to fake the sigcis.org domain or the correct 
> user name of “members.”
>
> Harvesting the names does not require a “back door” into the directory 
> – the directory is a public web page. So presumably some spam engine 
> harvesting names and emails has stumbled across it. (Sidenote: I know 
> some people still try to avoid this by writing out the “at” in their 
> address or adding spaces, but I suspect any self-respecting script 
> creator would long ago have automated the harvesting of names in these 
> formats).
>
> Thus the possibility of getting spammed is inherent in having a public 
> member directory. We used to make efforts to keep the directory up to 
> date and produce a print version of those attending SHOT to help 
> members get to know each other without spending the whole lunch 
> meeting on introductions. But that practice has lapsed, and in the age 
> of mobile devices would be of questionable usefulness today.
>
> It’s probably been something like seven years since we made a serious 
> effort to edit profiles and reach out to members whose entries were 
> out of date. It might be time to either modernize the directory or 
> take it down entirely.
>
> A few years ago some volunteers talked about developing a media 
> availability list on the site, to help direct journalists to subject 
> matter experts willing to give a quick turnaround with quotes. 
> Replacing the current directory with an up to date and focused list of 
> this kind might be a good idea, if anyone is willing to revive the 
> project.
>
> Best wishes,
>
> Tom
>
> *From:* Members [mailto:members-bounces at lists.sigcis.org] *On Behalf 
> Of *Paul Edwards
> *Sent:* Monday, November 27, 2017 1:32 PM
> *To:* members <members at sigcis.org <mailto:members at sigcis.org>>
> *Subject:* [SIGCIS-Members] more SIGCIS spam
> *Importance:* High
>
> Hi all - I’ve received one spam email from this person via SIGCIS, and 
> now s/he is following up with another.
>
> Anyone else being harassed by him/her — or possibly “it”?
>
> Given the other recent spam, it’s looking like there is some back door 
> to the member directory.
>
> Best,
>
> Paul
>
>     Begin forwarded message:
>
>     *From: *"Alexa Austin" <alexa.a at telemarketingtech.com
>     <mailto:alexa.a at telemarketingtech.com>>
>
>     *Subject: RE: SIGCIS*
>
>     *Date: *November 27, 2017 at 10:02:47 PST
>
>     *To: *<pne at umich.edu <mailto:pne at umich.edu>>
>
>     Hi,
>
>     Any updates for me on below?
>
>     Await for your reply.
>
>     Thanks & Regards,
>
>     Alexa Austin
>
>     L i s t | A p p e n d | C a m p a i g n
>
>     Append Test : Send us 25 to 50 contacts in an excel sheet from
>     your in-house database with missing email address, telephone
>     numbers, fax numbers or mailing addresses, we can append it for
>     you at free of  cost, this will help you check the quality of our
>     services.
>
>     *From:*Alexa Austin
>     *Sent:*Monday, November 20, 2017 2:39 PM
>     *Subject:*SIGCIS
>
>     Hi,
>
>     I found that you are a member of*“**The Special Interest Group for
>     Computers, Information, and Society Directory”.*We are the global
>     database service provider. Would you be interested in acquiring
>     potential clients list to market your products and services as per
>     your required location? Would it be Ok if I send you a list of
>     some sample contacts? If yes, please give me your requirement
>     below, and I’ll send you the list for a review.
>
>     *Target Industry? ___________*
>
>     *Target Job titles? ___________*
>
>     *Target locations? ___________*
>
>     Alternatively please forward this email to the right person in
>     case you are not in charge.
>
>     Looking forward to see a good client relationship.
>
>     Thanks & Regards,
>
>     Alexa Austin
>
>     L I S T | A P P E N D | C A M P A I G N
>
>     If you wish not to hear from us again, reply “STOP” in subject line.
>
> —————————————————
>
> Paul N. Edwards
>
> William J. Perry Fellow in International Security
>
> Center for International Security and Cooperation 
> <http://cisac.fsi.stanford.edu/>
>
> Stanford University
>
> Professor of Information <http://www.si.umich.edu> and History 
> <http://lsa.umich.edu/history/>
>
> University of Michigan
>
> Contact:
>
> m: pedwards at stanford.edu <mailto:pedwards at stanford.edu>
>
> w: pne.people.si.umich.edu <http://pne.people.si.umich.edu>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> This email is relayed from members at sigcis.org, the email discussion list of SHOT SIGCIS. Opinions expressed here are those of the member posting and are not reviewed, edited, or endorsed by SIGCIS. The list archives are at http://lists.sigcis.org/pipermail/members-sigcis.org/ and you can change your subscription options at http://lists.sigcis.org/listinfo.cgi/members-sigcis.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sigcis.org/pipermail/members-sigcis.org/attachments/20171127/7a6c4f88/attachment.html>


More information about the Members mailing list