-----Original Message-----
From: dmbates at gmail.com [mailto:dmbates at gmail.com] On Behalf
Of Douglas Bates
Sent: Tuesday, March 18, 2008 8:39 AM
To: Doran, Harold
Cc: ted.harding at manchester.ac.uk; Gorden T Jemwa; r-help at r-project.org
Subject: Re: [R] UNSOLITED E_MAILS: Integrate R data-analysis
projects wi
Usually a captcha is used to prevent creation of email
accounts for use by spammers. (There was an interesting
article recently on whether the Gmail captcha scheme had been
broken so that spammers could create masses of gmail
accounts. The general conclusion is that the capcha scheme
is intact but spammers hire people in low-wage countries to
manually respond to the captcha challenge.)
What Ted has suggested and what I am confident is the case is
that email addresses of posters were obtained from list
archives or something like that. I know for a fact that the
R Foundation is not selling any email lists. The idea that R
Core has engaged in a nefarious money-making scheme of
spending more than a decade developing high-quality open
source software, providing support, enhancements,
conferences, email lists, etc. so they could "cash out"
by selling a mailing list for a modest amount of money seems,
well, unlikely.
If email addresses are being extracted from the archives then
the only place a captcha would help is when viewing the
archives. Requiring everyone to submit the solution to a
captcha before retrieving a message from the archives would
be tedious and make the archives essentially useless.
Besides, all that is required is for one person to
legitimately subscribe to the lists and run their own filters
on the incoming email to extract the addresses of posters.
My guess is that Ben Hinchliffe or someone else at
Bluereference.com is already subscribed.
The best way to discourage such questionable practices is not
to patronize organizations that use them.
On Tue, Mar 18, 2008 at 7:48 AM, Doran, Harold <HDoran at air.org> wrote:
Can a CAPTCHA be implemented as a prevenative measure
> -----Original Message-----
> From: r-help-bounces at r-project.org
> [mailto:r-help-bounces at r-project.org] On Behalf Of >
Ted.Harding at manchester.ac.uk
Sent: Tuesday, March 18, 2008 7:33 AM
> To: Gorden T Jemwa
> Cc: r-help at r-project.org
> Subject: Re: [R] UNSOLITED E_MAILS: Integrate R data-analysis >
projects wi > > On 18-Mar-08 12:08:44, Gorden T Jemwa wrote:
> > Dear R Admins,
> >
> > I received an unsolicited e-mail from BlueInference as an R >
user. Does > > it mean that R that our e-mails (and names) is
sharing it's user > > database with third parties without our
consent? Or perhaps the > > BlueInference guys are using an e-mail
address miner to get our > > contact details?
> > [SNIP]
> > Dear Gorden Jemwa,
> >
> > As a fellow R user, I am sure you agree with me that R is a >
dear gift > > from the R-project community that should enjoy broad
use.
> > [...]
> > Ben Hinchliffe
> > Inference Evangelist
> > BlueReference, Inc.
> > ben.hinchliffe at bluereference.com
>
> It would not be difficult to mine a database of email >
from the R-help archives. Each month's postings can > be
as a .gz file. Each posting in the resulting > unzipped
> From: user.name at email.domain
>
> and all that's then needed is to replace " at " with "@", and >
you have the email address.
>
> On a Unix system, a quick 'grep | sed' would do the job
>
> In this case, the spam was clearly carefully targeted at R >
users, so quite possibly they took a bit more trouble over
the point of extracting full names as well).
>
> I can't see the R people deliberately sharing their database, >
and the list of subscribed email addresses is accessible only > to
the list owners. So it seems much more likely that the > publicly
readable archives have been mined along the lines I >
>
> Best wishes,
> Ted.
>
>
--------------------------------------------------------------------
> E-Mail: (Ted Harding) <Ted.Harding at manchester.ac.uk> >
Fax-to-email: +44 (0)870 094 0861
> ------------------------------ XFMail
------------------------------ > >