[Mailman-Users] misleading description

Brad Knowles brad at shub-internet.org
Sat May 3 19:55:04 CEST 2008

On 5/3/08, Zbigniew Szalbot wrote:

>  Maybe in future it would be better to just disallow anyone to view a
>  member's list and give a clear indication whether email has or has not
>  been sent.

For closed rosters, we can't do that.  If we give people an 
indication as to whether or not a message was sent, they can use that 
information to fish for e-mail addresses that they can spam.

>              If the unsubscribe script cannot be exploited remotely, then
>  I do not see probing as a real threat (especially if additionally secured
>  by some captcha code or the like). But then I may not see all the
>  consequences of such solution.

CAPTCHAs are not secure.  The CAPTCHAs run by Gmail, Yahoo!, and 
Windows Live Hotmail are all cracked, and about 50% of their outgoing 
traffic is now spam from compromised or illegitimate accounts.

We do not use CAPTCHAs today, I believe they were a horrible idea to 
begin with, and if I have anything to say about it then we will never 
use CAPTCHAs ever in the future.

Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

More information about the Mailman-Users mailing list