[Mailman-Developers] UI for Mailman 3.0 update

Cristóbal Palmer cmpalmer at garp.metalab.unc.edu
Wed Jun 16 06:57:59 CEST 2010

On Wed, Jun 16, 2010 at 01:03:20PM +0900, Stephen J. Turnbull wrote:
> The question is "what are they protecting?"  My claim is that if
> you're protecting economic resources (bandwidth, accurate counts of
> real users) they may be more or less useful.  If it's a security issue
> -- including ways of harvesting email addresses that involve
> subscribing -- though, you're busted.

To my mind the main resources we're protecting are moderator time and
site owner time, and we're admittedly cost shifting onto subscribers
for lists where CAPTCHAs are enabled.

> Mailman should clearly not provide any CAPTCHA implementation itself,
> given your claims of rapid progress in the field.

Not my claim. Others in the literature. I can do more digging if you
don't believe me or don't have institutional access. Regardless, we're
in agreement that it should not be the job of the MLM to provide the
CAPTCHA. I'd just like a tested, approved way to plug in reCAPTCHA at
the moment. I'll do it myself without any help from y'all (after my
masters paper), but I think this would benefit the community.

>  > and that I'm insisting people use cheap locks.
> No, that's not my claim.  My claim is that it is unethical to make
> weak locks available for free, without explaining to people their
> correct use.

Ahhh. Very much agree. Also, sorry about your stolen bike. :(

> The first thing I want to see, then, is documentation that CAPTCHAs
> are more effective than other methods of confusing the dumb 'bots.


Originally published in Science Express on 14 August 2008
Science 12 September 2008:
Vol. 321. no. 5895, pp. 1465 - 1468
DOI: 10.1126/science.1160379


Good a place as any.... take it up with the authors.

But think of it this way: if what mailman does is provide a plugin
spot for something external to do CAPTCHA or CAPTCHA-like work, then
some non-CAPTCHA method could be inserted that doesn't impose user
load. For example, people could use a plugin that adds a junk form
field that is hidden by CSS, or a simple 1 + 2 math problem, or any
number of other things. The point is that we're doing the equivalent
of adding braze-ons to the seat stays of a bicycle frame: whether the
user adds a sturdy rack, a cheap one, or none at all is up to them.

While I'm digging around and thinking of other anti-spam tools, maybe
it's worth digging around in here for ideas, since this seems rather
popular with WordPress:

Cristóbal Palmer

More information about the Mailman-Developers mailing list