Oracle FAQ Your Portal to the Oracle Knowledge Grid

ADMIN: Recent security concerns about the list

From: Bruce Bergman <bbergman_at_BridgeMedical.com>
Date: Mon, 13 Nov 2000 09:50:07 -0800
Message-Id: <10679.121916@fatcity.com>


Hey kids...

Okay, so I go away to a Data Warehouse conference for a week and all heck breaks loose. ;-)

Please let me address some list security questions/concerns that came up last week:

By default, when you subscribe to this list, your address is made visible to any subscriber who issues a WHO command. This is stated in the Welcome message when you first subscribe. That same message also tells you that you can voluntarily conceal your address should you wish (it may even give an example of how to do it). I say that this is the *default* behavior because that CAN be changed. I can set the list to hide all addresses at all times should the list owner (Jared) so decide. Some of the functionality of the list goes down at that point, but yes, it can be done.

However, I don't see this as a big problem because of the 60-some-odd lists I carry, only two public lists have their entire subscriber list hidden, and nothing bad has happened to the other lists that don't have it hidden. The odds are pretty slim that we will ever have any problem with security.

Yes, malicious people CAN come in and harvest your addresses from the list. However, they have to join the list first, and that creates an audit trail for me. I also log everyone who does a WHO command so that I can trace back any security breaches like that. In my history, most people will simply not risk getting the subscriber list for this reason, so it just doesn't happen all that much.

Let me back up a step... There are two kinds of malicious people who typically want the entire subscriber list. The first are spammers; the truly evil, nasty people. The second group are headhunters/recruiters and product vendors; the only semi-evil people. ;-) Spammers are not interested in a list of 1400+ Oracle users, believe me. They want lists of 30,000 or 300,000 E-mail addresses, and they don't care who they are. Spammers that have the time to subscribe to one of my lists, request a WHO, then leave the list are virtually unheard of. In fact, I can only remember one instance of this happening, and that was about 10 years ago when spamming was first getting started. They are far more likely to just try posting to the list, which will result in their message getting caught by the anti-spam filters.

The second group is more likely to come visit us. Fortunately they are still rare exceptions, and they are also easy to track down. I promise you that I deal with misuse of the subscriber lists VERY harshly. These people are deleted and banned from the lists on their first offense. There have been a couple instances of this over the years, and they have always been dealt with quickly and finally. I have never had a repeat offender. To give the headhunters their due, they have wised up over the years and don't do this much anymore. Believe me, the backlash of angry subscribers far outweighs any potential leads they may receive. So that leaves us with Product Vendors. Unfortunately, this group DOES seem to invade every year or so. On the other hand, they are typically quite careless, and use their own addresses, or leave tell-tale traces (which I won't divulge here) that enable me to track them down. The result is a nasty letter to their President/CEO, removal of all subscribers from their domain, and a public lashing. ;-) Historically these cases occur when some young new employee is hired into the marketing division and tasked with finding new leads. They don't know any better, and take advantage of lists like this one.

IF YOU SUSPECT SOMEONE of having harvested this list, please let me know. However I would ask that you truly think long and hard about how they got your address. 99% of the time, your address was gathered from another source, and it will save me a LOT of time if you do as much investigation as you can before contacting me. It's fairly easy to do a quick check with some other subscribers to see if they got the same spam as you did. If they didn't, it's a good bet that your address didn't come from the list. Also, please remember that spammers use mail sniffers to glean addresses, so by merely sending an E-mail message out into the net, you're making yourself a candidate for spam, even if you have concealed your address. The bottom line is that I will take all abuse complaints seriously, but please reciprocate by doing your own investigation and being as thorough as you can before contacting me.

Finally, to conceal your address, you must send a message to:

    ListGuru_at_fatcity.com

And in the message BODY, put:

    SET ORACLE-L CONCEAL

You can always do a NOCONCEAL should you wish to go back to showing your address.

Oh and by the way, no commands are EVER acted upon if they are sent to the actual mailing list. They must always go to the ListGuru address. Contrary to what someone here said, there is (physically) NO connection between the program that acts upon commands and the program that re-sends out list traffic. As a result, any commands you send to the list are completely ignored by ListGuru -- they MUST go to the other address.

As always, if you have further questions or concerns, please let me know.

Received on Mon Nov 13 2000 - 11:50:07 CST
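
The audit trail the message describes (subscription records plus a log of WHO requests) can be correlated to surface the join, WHO, leave pattern it mentions. This is an added example, not part of the original post and not ListGuru's own code; the log line format, the SUBSCRIBE/SIGNOFF event names, the two-day window and all addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample log. The line format and the SUBSCRIBE/SIGNOFF event
# names are assumptions for illustration, not ListGuru's real log format.
SAMPLE_LOG = """\
2000-11-01T08:00:00 SUBSCRIBE ORACLE-L dba1@example.org
2000-11-01T08:30:00 SUBSCRIBE ORACLE-L longterm@example.com
2000-11-02T10:15:00 WHO ORACLE-L longterm@example.com
2000-11-03T10:15:00 WHO ORACLE-L dba1@example.org
2000-11-06T09:12:03 SUBSCRIBE ORACLE-L leads@vendor.example
2000-11-06T09:14:40 WHO ORACLE-L leads@vendor.example
2000-11-06T09:20:11 SIGNOFF ORACLE-L leads@vendor.example
2000-11-08T11:00:00 SUBSCRIBE ORACLE-L reader@example.com
2000-11-09T11:00:00 SIGNOFF ORACLE-L reader@example.com
2000-11-30T09:00:00 SIGNOFF ORACLE-L longterm@example.com
"""

def parse(log_text):
    """Yield (timestamp, event, list_name, address) for each log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, list_name, addr = line.split()
        yield datetime.fromisoformat(ts), event.upper(), list_name, addr.lower()

def flag_harvesters(log_text, window=timedelta(days=2)):
    """Return {address: membership_duration} for subscribers who joined,
    requested WHO, and signed off again within `window`."""
    joined, asked_who, flagged = {}, set(), {}
    for ts, event, list_name, addr in sorted(parse(log_text)):
        key = (list_name, addr)
        if event == "SUBSCRIBE":
            joined[key] = ts
            asked_who.discard(key)      # a new membership starts clean
        elif event == "WHO" and key in joined:
            asked_who.add(key)
        elif event == "SIGNOFF":
            start = joined.pop(key, None)
            if start is not None and key in asked_who and ts - start <= window:
                flagged[addr] = ts - start
            asked_who.discard(key)
    return flagged

if __name__ == "__main__":
    for addr, stayed in flag_harvesters(SAMPLE_LOG).items():
        print(f"{addr}: joined, ran WHO and left after {stayed}")
```

A subscriber who runs WHO and stays, or who leaves quickly without ever requesting WHO, is not flagged; only the combination within the window is.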
