[Mailman-Developers] Yet another weird-a$$ potential attack
problem...
Barry A. Warsaw
barry@zope.com
Fri, 5 Apr 2002 01:01:44 -0500
>>>>> "DN" == Dale Newfield <Dale@Newfield.org> writes:
DN> On Fri, 5 Apr 2002, Barry A. Warsaw wrote:
>> We can protect dumb replybots by making it less convenient for
>> our users, essentially by forcing them to perform an action
>> that is unlikely (though not impossible, Mr. Turing), to be
>> doable by anything other than a human.
DN> What if we make the required response not responding to the
DN> message, but rather following either an http link to a webpage
DN> with a "Yes" button, or following a mailto link that specifies
DN> the special reply token in the thus composed email message?
The former is already implemented in MM2.1; it's just optional not
mandatory. The latter is an interesting idea, but I don't how
burdensome that would be on people with today's MUA's (XEmacs/VM
handles it, and is that really the only one that matters :).
I'd be interested in other people's thoughts.
-Barry