Email-security and muppet webdesigners.

[Anteaus]

Client recently had website designed. Muppets who created the site posted
most of the domain's email-addresses on it, as plaintext mailto: links.

The exposure of this new website site to spambot-harvesting can be measured
in days.

Their mailserver is now inundated with spam, to the point where attempts at
filtering are almost pointless. The domain may have to be junked, a new
domain set-up, and and all company stationery replaced.

Was just thinking that an awareness-raising campaign might be a good idea,
to make webdesigners, bloggers, and coders of webdesign software sit up and
take notice of the fact that PUBLISHING of unprotected email addresses on a
webpage is a serious malpractice.

All of these individuals need to be made aware that what they are doing is
not only malpractice, but that it could also lead to their being sued for the
resulting damage to email systems.

Theree might also be room for legislation here, such as:

-A requirement that the authors of webdesign software include warnings
against any action which appears to be an attempt at plaintext email-address
publication, such as entering 'mailto:' or 'xxx@xxx.xxx' into a webpage.

-A fixed penalty to be issued to webdesigners who routinely ignore email
security in their work.

I'm not all that keen on legislation myself, but it seems this is an area
where a proverbial 'kick in the pants' IS desperately needed, to make the
offenders sit up and take heed of the damage they are doing.

 

[Alun Jones]

If you can't get reasonable legislation to be effective against spammers,
why do you think anyone would want to do the same against people who are
legitimately fulfilling the company's goal of advertising itself?

Seriously, if you want to campaign on this issue, I would suggest
campaigning for spammers to be jailed.

Alun.
~~~~

"Anteaus" <Anteaus@discussions.microsoft.com> wrote in message
news:5A80E4DC-FCB6-4B82-8A26-F02B0D3D2146@microsoft.com...
> Client recently had website designed. Muppets who created the site posted
> most of the domain's email-addresses on it, as plaintext mailto: links.
>
> The exposure of this new website site to spambot-harvesting can be
> measured
> in days.
>
> Their mailserver is now inundated with spam, to the point where attempts
> at
> filtering are almost pointless. The domain may have to be junked, a new
> domain set-up, and and all company stationery replaced.
>
> Was just thinking that an awareness-raising campaign might be a good idea,
> to make webdesigners, bloggers, and coders of webdesign software sit up
> and
> take notice of the fact that PUBLISHING of unprotected email addresses on
> a
> webpage is a serious malpractice.
>
> All of these individuals need to be made aware that what they are doing is
> not only malpractice, but that it could also lead to their being sued for
> the
> resulting damage to email systems.
>
> Theree might also be room for legislation here, such as:
>
> -A requirement that the authors of webdesign software include warnings
> against any action which appears to be an attempt at plaintext
> email-address
> publication, such as entering 'mailto:' or 'xxx@xxx.xxx' into a webpage.
>
> -A fixed penalty to be issued to webdesigners who routinely ignore email
> security in their work.
>
> I'm not all that keen on legislation myself, but it seems this is an area
> where a proverbial 'kick in the pants' IS desperately needed, to make the
> offenders sit up and take heed of the damage they are doing.
>
>

 

[Anteaus]

"Alun Jones" wrote:

> If you can't get reasonable legislation to be effective against spammers,
> why do you think anyone would want to do the same against people who are
> legitimately fulfilling the company's goal of advertising itself?

Really? Perhaps then they should post the firm's bank details as well, would
help people to pay them.

-wait a minute though, that would also help crooks rip them off.

Which is exactly what webdesigners who post email addresses are doing.

Even worse is website or blog software which asks for an email address as
part of the installation process, and then merrily PUBLISHES that address,
without even telling the owner. One of the leading CMS systems used to do
this until quite recently.

> Seriously, if you want to campaign on this issue, I would suggest
> campaigning for spammers to be jailed.

Hard to do, as many are in places like Communist China where corruption
rules.

I've always found that it's more productive to pursue a feasible approach
than a nonfeasible one.

Stopping spammers getting hold of your company's email accounts IS feasible,
it just calls for a few of the worst worst examples of devil-may-care
webdesign firms to get a sharp rap on the knuckles from Uncle Sam, and once
that hits the news, the rest will soon decide to change their ways.

Once the primary source of stolen email-addresses dries up... Who knows, the
spammers might go out of business anyway.

It is interesting to compare this issue against the obsession with
"Accessibility" of websites - an issue which affects a tiny minority of
users, but which dictates that the whole process and principle of webdesign
must follow an extremely narrow range of specific routes, and disbars the
use of many otherwise legitimate technologies.

Yet, we can't get legislation against bad practices in webdesign which
assist spammers in their evil deeds. -An issue which affects, and damages the
interests of, 99.9% or users.