Participants
Peter Eisentraut
Peter Eisentraut
Noname
Noname
Carlos Moreno
Carlos Moreno
Bruce Momjian
Bruce Momjian
Magnus Hagander
Magnus Hagander
Tom Lane
Tom Lane
Gregory Youngblood
Gregory Youngblood
Guy Rouillier
Guy Rouillier
Ian Harding
Ian Harding
Jim Nasby
Jim Nasby
Greg Sabino Mullane
Greg Sabino Mullane
Attachments
Show all attachments
Thread Outline
#1...#2
NonameCarlos Moreno
Jan 07, 2006
#1NonameNoname
Jan 07, 2006
#2Carlos MorenoCarlos Morenoto Noname (#1)
Jan 07, 2006
#3Bruce MomjianBruce Momjianto Carlos Moreno (#2)
Jan 07, 2006
#4...#12
Magnus HaganderPeter EisentrautJim NasbyGreg Sabino Mullane
to Bruce Momjian (#3)
Jan 07, 2006
#4Magnus HaganderMagnus Haganderto Bruce Momjian (#3)
Jan 07, 2006
#7Peter EisentrautPeter Eisentrautto Magnus Hagander (#4)
Jan 07, 2006
#11Jim NasbyJim Nasbyto Peter Eisentraut (#7)
Jan 10, 2006
#12Greg Sabino MullaneGreg Sabino Mullaneto Jim Nasby (#11)
Jan 10, 2006
#5Tom LaneTom Laneto Bruce Momjian (#3)
Jan 07, 2006
#6Gregory YoungbloodGregory Youngbloodto Bruce Momjian (#3)
Jan 07, 2006
#8...#10
Peter EisentrautGuy RouillierIan Harding
to Carlos Moreno (#2)
Jan 07, 2006
#8Peter EisentrautPeter Eisentrautto Carlos Moreno (#2)
Jan 07, 2006
#9Guy RouillierGuy Rouillierto Peter Eisentraut (#8)
Jan 08, 2006
#10Ian HardingIan Hardingto Guy Rouillier (#9)
Jan 09, 2006

write on screen

Started by Nonameover 20 years ago12 messagesgeneral
Jump to latest
#1Noname
Noname
mastersail@poczta.onet.pl

Hi.
I have a problem - I run pl/sql script on postgresql base using command line in windows and I need to view some data in this command line, but I don't know how to send them in the script.Pleas help

#2Carlos Moreno
Carlos Moreno
moreno_pg@mochima.com
In reply to: Noname (#1)
E-mail harvesting on PG lists?

This is worrisome...

I decided to create a separate account for my subscription to PG's
mailing lists (to avoid all replies bouncing back due to my strict
whitelist anti-spam filter) -- I created the account on Dec 22, and
today I notice a phishing e-mail ("Your PayPal account"), meaning
that it took less than two weeks for my e-mail address to go from
PG's mailing list to a spammers' database of addresses... Needless
to say that I have not used this e-mail address (but really, really
really 100% absolute certainty that I have not used it in any single
instance), other than to post a couple messages in here.

This is truly worrisome... I wonder if spammers today are basically
subscribing to mailing lists so that they receive the e-mails (seems
like a very obvious trick), or if they're moving to the next level
of "decrypting" the "encrypted / anti-spam" form of e-mail addresses
(the way they're displayed on the mailing list web site)

Any comments? If it is the first option above, then it feels like
by definition there is absolutely nothing that can be done, now
or ever :-(

Carlos
--

#3Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Carlos Moreno (#2)
Re: E-mail harvesting on PG lists?

Carlos Moreno wrote:

This is worrisome...

I decided to create a separate account for my subscription to PG's
mailing lists (to avoid all replies bouncing back due to my strict
whitelist anti-spam filter) -- I created the account on Dec 22, and
today I notice a phishing e-mail ("Your PayPal account"), meaning
that it took less than two weeks for my e-mail address to go from
PG's mailing list to a spammers' database of addresses... Needless
to say that I have not used this e-mail address (but really, really
really 100% absolute certainty that I have not used it in any single
instance), other than to post a couple messages in here.

This is truly worrisome... I wonder if spammers today are basically
subscribing to mailing lists so that they receive the e-mails (seems
like a very obvious trick), or if they're moving to the next level
of "decrypting" the "encrypted / anti-spam" form of e-mail addresses
(the way they're displayed on the mailing list web site)

Our email lists are mirrored onto web sites like Google, so I am
thinking they got it that way.

Any comments? If it is the first option above, then it feels like
by definition there is absolutely nothing that can be done, now
or ever :-(

Yes, I came to that conclusion long ago.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
#4Magnus Hagander
Magnus Hagander
magnus@hagander.net
In reply to: Bruce Momjian (#3)
Re: E-mail harvesting on PG lists?

This is truly worrisome... I wonder if spammers today are

basically

subscribing to mailing lists so that they receive the

e-mails (seems

like a very obvious trick), or if they're moving to the

next level of

"decrypting" the "encrypted / anti-spam" form of e-mail

addresses (the

way they're displayed on the mailing list web site)

Our email lists are mirrored onto web sites like Google, so I
am thinking they got it that way.

archives.postgresql.org properly "hides" the addresses. However, they
are mirrored to Usenet News, where anybody can pick them up. Much easier
that way, I bet that's what most use.

Any comments? If it is the first option above, then it feels like
by definition there is absolutely nothing that can be done, now or
ever :-(

Yes, I came to that conclusion long ago.

That's the bottom line, though. Spamfilters help, but only part of the
way.

//Magnus

Import Notes
Resolved by subject fallback
#5Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Bruce Momjian (#3)
Re: E-mail harvesting on PG lists?

Bruce Momjian <pgman@candle.pha.pa.us> writes:

Carlos Moreno wrote:

Any comments? If it is the first option above, then it feels like
by definition there is absolutely nothing that can be done, now
or ever :-(

Yes, I came to that conclusion long ago.

Aggressive spam filtering is about the only thing that keeps email
workable at all anymore :-(. The idea of keeping your address hidden
is not workable and never really has been IMHO.

regards, tom lane

#6Gregory Youngblood
Gregory Youngblood
pgcluster@netio.org
In reply to: Bruce Momjian (#3)
Re: E-mail harvesting on PG lists?

I created an account for perl-cpan and it got hit with spam/phishing
attempts in less than a week.

There's not a lot that can be done about it. It's a losing battle to try
and fight. There are some things you can do, but it won't be 100%
effective. The closer you get to 100% effective, the more likely you are
to throw the baby out with the bathwater.

I started using dedicated addresses a few years ago. Anytime I sign up
for something, I use an address dedicated for that purpose. Then, when I
start seeing spam patterns, I know where the address was used. In the
case of mailing lists, there's not much to hide. However, when you sign
up for something with a legit store, and then 2 or 3 months later you
start getting bombarded with spam having nothing to do with that store
-- it's a pretty safe bet where the spammer got your address (unless you
use a very easy to guess address like a simple first name or something).

The other problem is dictionary attacks. There are distributed networks
of bots that do nothing except try a dictionary of names against your
mailserver. You can see how coordinated they are when you are getting
dictionary scans from IP addresses all over the globe, starting with A,
and not overlapping words.
They are getting more devious too. I found one that had a bug in their
tool so it was obvious the connections were linked and they overlapped
names every so often (unless it was a single bot net running two
separate lists, which is also possible).

It's ugly. No matter how you slice.

Greg

#7Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net
In reply to: Magnus Hagander (#4)
Re: E-mail harvesting on PG lists?

Magnus Hagander wrote:

archives.postgresql.org properly "hides" the addresses.

If you think that spammers are unable to do s/ (at) /@/ you're living in
a dream world.

#8Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net
In reply to: Carlos Moreno (#2)
Re: E-mail harvesting on PG lists?

Carlos Moreno wrote:

today I notice a phishing e-mail ("Your PayPal account"), meaning
that it took less than two weeks for my e-mail address to go from
PG's mailing list to a spammers' database of addresses...

Normally you get turnaround times of less than two hours on this, so you
got a good deal.

#9Guy Rouillier
Guy Rouillier
guyr@masergy.com
In reply to: Peter Eisentraut (#8)
Re: E-mail harvesting on PG lists?

Carlos Moreno wrote:

Any comments? If it is the first option above, then it feels like
by definition there is absolutely nothing that can be done, now or
ever :-(

I got an IMAP account with BurntMail.com. I belong to a dozen mailing
lists, and haven't received any spam since getting the email account.
They obviously do aggressive spam filtering, but as far as I know I'm
getting all the email I should. An option to consider...

--
Guy Rouillier

Import Notes
Resolved by subject fallback
#10Ian Harding
Ian Harding
harding.ian@gmail.com
In reply to: Guy Rouillier (#9)
Re: E-mail harvesting on PG lists?

On 1/8/06, Guy Rouillier <guyr@masergy.com> wrote:

Carlos Moreno wrote:

Any comments? If it is the first option above, then it feels like
by definition there is absolutely nothing that can be done, now or
ever :-(

I got an IMAP account with BurntMail.com. I belong to a dozen mailing
lists, and haven't received any spam since getting the email account.
They obviously do aggressive spam filtering, but as far as I know I'm
getting all the email I should. An option to consider...

I use Gmail which promises I will never run out of room, can tag
messages and bypass the inbox, and has a very good spam filter.
Searching is obviously pretty good too.

I noticed I got about 5 - 10 spam emails within MINUTES of each post
before I switched to Gmail, I'm sure I still do, I just don't see
them.

#11Jim Nasby
Jim Nasby
Jim.Nasby@BlueTreble.com
In reply to: Peter Eisentraut (#7)
Re: E-mail harvesting on PG lists?

On Sun, Jan 08, 2006 at 12:34:25AM +0100, Peter Eisentraut wrote:

Magnus Hagander wrote:

archives.postgresql.org properly "hides" the addresses.

If you think that spammers are unable to do s/ (at) /@/ you're living in
a dream world.

Agreed. I'd honesly rather we drop that nonsense so I can at least cut
and paste email addresses when needed.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461

#12Greg Sabino Mullane
Greg Sabino Mullane
greg@turnstep.com
In reply to: Jim Nasby (#11)
Re: E-mail harvesting on PG lists?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you think that spammers are unable to do s/ (at) /@/ you're living in
a dream world.

Agreed. I'd honesly rather we drop that nonsense so I can at least cut
and paste email addresses when needed.

I'd rather not. While obfuscation is not a surefire solution, it does help.
Quite a bit, as spammers generally go for the low hanging fruit. I've done
tests on this, and the number of spams received is far higher for
unobfuscated email addresses.

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200601101538
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iD8DBQFDxBv6vJuQZxSWSsgRAjHTAKCS3T2o1zPaZNESrUyrL9NZyuZgYgCg/GGW
XxaU+C1A4Ol7ggUsTg9SMno=
=zuf4
-----END PGP SIGNATURE-----

← Back to Topics