[Mailman-Users] bots subscribing to lists via web forms to avoidmember-only restrictions

Stephen J. Turnbull stephen at xemacs.org
Mon Jan 7 02:01:58 CET 2008

Jeffrey Goldberg writes:

 > On the whole, I have found these things so rare that it hasn't been a  
 > real problem.  However, in principle lists could easily be targeted,  
 > so it is worth considering captchas.

Captchas have been discussed, and were not considered worthwhile.

(1) There are many sites that describe algorithms for automatically
getting 50% or better recognition on many common captchas.  I've tried
a couple using the Gimp, and indeed it looks like it's pretty easy to
achieve a filter that gives OCR-able images.  Note that a 50% rate is
going to be good enough for any spammer if that gives access.

(2) Several dodges have been found to get human help for solving
captchas (sort of XSS attacks in reverse), and of course you can just
hire them.

(3) On the other hand, hard to read captchas are exactly that: hard to
read.  For humans, too.  So introducing captchas the score is Spammers
2, Humans 0.

More information about the Mailman-Users mailing list