[Mailman-Users] bots subscribing to lists via web formsto avoidmember-only restrictions

[Sarah]

        Pluss with those of us with failing site captchas are anoying if we don't have a pair of eyes to  deal with it.

SA&G
----- Original Message ----- 
From: "Stephen J. Turnbull" <stephen at xemacs.org>
To: "Jeffrey Goldberg" <jeffrey at goldmark.org>
Cc: "Mailman Users" <mailman-users at python.org>; "Matt Domsch" <Matt_Domsch at dell.com>
Sent: Sunday, January 06, 2008 5:01 PM
Subject: Re: [Mailman-Users] bots subscribing to lists via web formsto avoidmember-only restrictions


Jeffrey Goldberg writes:

 > On the whole, I have found these things so rare that it hasn't been a  
 > real problem.  However, in principle lists could easily be targeted,  
 > so it is worth considering captchas.

Captchas have been discussed, and were not considered worthwhile.

(1) There are many sites that describe algorithms for automatically
getting 50% or better recognition on many common captchas.  I've tried
a couple using the Gimp, and indeed it looks like it's pretty easy to
achieve a filter that gives OCR-able images.  Note that a 50% rate is
going to be good enough for any spammer if that gives access.

(2) Several dodges have been found to get human help for solving
captchas (sort of XSS attacks in reverse), and of course you can just
hire them.

(3) On the other hand, hard to read captchas are exactly that: hard to
read.  For humans, too.  So introducing captchas the score is Spammers
2, Humans 0.

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users at python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/marrie12%40gmail.com

Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&amp;file=faq01.027.htp