link

An astute user helped me uncover a problem in Frassle today. Unfortunately, the problem was that frassle made registration email addresses public by default, and spammers were harvesting these addresses. If you signed up for frassle, your email address may have been read by spammers. This has been fixed for the future but some addresses may have already been leaked.

The problem was that frassle published <managingEditor> and <webmaster> elements in its RSS feeds. These elements are required by the RSS 2.0 spec to contain email addresses, and frassle used your registration email address as the initial value for these. So your email address became public by default… whoops.

This was due to my negligence and I'm sorry if I've contributed to your spam problem. Since Derik emailed me, I've changed the RSS generation so that these two elements are omitted. The RSS feed should no longer disclose your email address, and I don't believe this information is disclosed anywhere else in the system. Derik also commented that he'll be changing his blog post, "Frassle Sells Your Email" (update: now "The Dangers of Email Addresses in RSS Feeds"), to clarify that this is a mistake that's been corrected. I stand by my promise to never sell your email address or personal information.