[Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests
Stephen J. Turnbull
stephen at xemacs.org
Tue Oct 23 05:23:58 CEST 2012
Kalbfleisch, Gary writes:
> I personally don't care for CAPTCHA but it exists for a reason.
Sure, the eternal search for easy solutions to difficult problems.
> If anyone can suggest a better solution I would love to here it.
> Right now Mailman is being exploited to email bomb individuals and
> DOS email systems. This cannot continue.
It's not obvious there are better solutions. It's pretty obvious that
CAPTCHA is at a stage where serious miscreants won't be slowed much by
it (there are canned solutions, and even in 2009 they were good enough
for automated mischief-making), while it does bother legitimate users.
You're right that it can't continue, but I don't really know if
there's a way out. It may just not be possible to advertise open-
subscription lists without attracting such abuse.
One thing we could try is to encourage use of OpenID (which Mailman
doesn't support AFAIK, but there may be third-party patches, and I bet
Mark (2.1 series) and Barry (Next Generation) would both be happy to
see it. I guess mailbomb.com could just automate creation of GMail or
Hotmail accounts, so it wouldn't be a permanent solution. But it
would be transparent to most users, and some would be actively pleased
More information about the Mailman-Users