[Mailman-Users] creating hidden field to stop bot spamsubscriptionrequest

[Mark Sapiro]

Richard Damon wrote:
>
>For other types of bots, having a key on the page that is needed to be
>returned will help, as it will catch bots that "know" what the
>subscription form looks like and just go around trying to submit it.
>Even better is to give out different keys each time, and checking that
>the key isn't too old or too young (figuring a human will take at least
>a few seconds to fill out the form, but the bot won't be patient enough
>to do that).


Except for the "too young" part this is what is implemented by
<http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1371>.
Too young could be a useful addition.

But, as Stephen points out, if the people who deploy these bots are
really interested in "getting the job done", they will figure out all
these tricks and deploy new bots that will succeed in spite of us.

The asking of a question which requires an "obvious to a human but
extremely difficult to a machine" answer is probably the best defence
as long as the questions and answers aren't fixed over many Mailman
installations.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan