Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

ct (2477)

ct
  (email not shown publicly)
http://cthompson.com/

Journal of ct (2477)

Monday October 21, 2002
08:48 AM

the CPAN spam harvest

[ #8491 ]
So, just in case anyone hadn't noticed, CPAN has been spidered for email addresses.

I have *@cthompson.com forwarded to my Inbox, and I use a different string for the username depending on who I'm giving the address to.

The address perl@cthompson.com has been used exactly three places...

use.perl.org

perlmonks.org

CPAN

I can't find a place on the first two I can get my email address, but checking Search.CPAN, there's my email address nicely formatted.

Several weeks ago I started getting german porn spam sent to that address. These were largely easy to filter, as they all contained the string "SEXKONTAKT" somewhere.

Today I got...

From: "Dr. Carter, President"
Reply-To: "Dr. Carter, President"
To: "perl@cthompson.com"
Subject: To: perl as a Good Person

Regular english language spam, though I must admit, it's not one I've seen before. This one appears to be selling some sort of self help book. Reading the copy it almost sounds like books on Scientology.

So, to HFB and crew who run search.cpan.org, I want CPAN to have my email address, but displaying it on search.cpan in plain mailto: format mean that any address I give CPAN is likely to be snarfed up for spam use.

I'd recommend at minimum, removing email addresses from the pages.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • search has that address is if PAUSE has it which means the whois file in the modules dir on CPAN has it. Also, anyone can take the list of IDs and make a list of ID@cpan.org for a spam list. While I sympathise with the disdain for spam I do think that people using and downloading your module[s] have the right to know your email address and there really aren't too many ways to do that without risking spam. Perhaps you could start experimenting with spam catchers?

  • I've been using a combination of Mail::SpamAssassin, procmail/mailstat, and Vipul's Razor 2 for several months now with no problems.

    I can highly recommend the combination, and can show you how I've got it all set up if you're interested.

    I've had one spam make it through the filters and one false positive (both early on). Nothing since.

    and yeah, I got "joe jobbed" recently too. not badly though. I've got procmail filtering those to the spamblock file for logging via mailstat now, as I consider those to be