[Mailman-Developers] "Turing test" to reject email harvesting bots
Bernhard Kuemel
darsie at gmx.at
Sun Nov 16 09:39:22 EST 2003
Hi mailman-users!
I wrote a "turing test" that keeps e.g. email harvesting bots off:
http://bksys.at/bernhard/img/turing.php?who=agent%20smith
source: http://bksys.at/bernhard/img/turing.txt
Since it is trivial to collect "high quality" email addresses
form mailman lists even if they are only available to the members
I'd like such a turing test be in mailman. Either before the
"view subscribers" page or as part of the subscription process.
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Click+here+for+the+list%22+%22batched+in+a+daily+digest%22&btnG=Google+Search
yields 24000 hits.
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22The+subscribers+list+is+only+available+to+the+list+members
yields 40000 hits.
The text image generation is a little CPU intensive (2 s on a
1800 MHz P4) so some measures may be desirable to prevent DoS
attacks by flood requests of the images. E.g. Put the test after
receival of the subscription email cookie was returned.
This test may disable users of non graphical web browers or email
only subscribers to subscribe.
Bernhard
--
Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at
Linux Admin/Programmierer: http://bksys.at/bernhard/services.html
More information about the Mailman-Developers
mailing list