[Mailman-Users] misleading description
Brad Knowles
brad at shub-internet.org
Sat May 3 19:55:04 CEST 2008
On 5/3/08, Zbigniew Szalbot wrote:
> Maybe in future it would be better to just disallow anyone to view a
> member's list and give a clear indication whether email has or has not
> been sent.
For closed rosters, we can't do that. If we give people an
indication as to whether or not a message was sent, they can use that
information to fish for e-mail addresses that they can spam.
> If the unsubscribe script cannot be exploited remotely, then
> I do not see probing as a real threat (especially if additionally secured
> by some captcha code or the like). But then I may not see all the
> consequences of such solution.
CAPTCHAs are not secure. The CAPTCHAs run by Gmail, Yahoo!, and
Windows Live Hotmail are all cracked, and about 50% of their outgoing
traffic is now spam from compromised or illegitimate accounts.
We do not use CAPTCHAs today, I believe they were a horrible idea to
begin with, and if I have anything to say about it then we will never
use CAPTCHAs ever in the future.
--
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
More information about the Mailman-Users
mailing list