[Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

Lindsay Haisley fmouse-mailman at fmp.com
Wed Oct 24 07:08:19 CEST 2012

On Wed, 2012-10-24 at 11:57 +0900, Stephen J. Turnbull wrote:
> Lindsay Haisley writes:
>  > Take a look at <http://areyouahuman.com/>.
> I just tried their sample.  I'd rather face a CAPTCHA!  And their
> twitter feed reads like spam -- same comments, same apparent author,
> different avatar.  Not a great start if they want to captcha my lists! 
> ;-)

Well that's understandable.  Their enterprise has a bit of the flavor of
a small-time hustle; nonetheless, my point is that they seem to have
focused on a simple paradigm that would be very hard to crack short of
some sort of advanced AI technology.  It's this aspect that bears

> Seriously, I can see how it would work if they got the human factors
> right.  Also seriously, do they have an accessible alternative?  (No
> less than three of the people who currently aren't on my list that I
> wish were on it are somewhere between totally blind and "visually
> challenged".)  And of course nothing visual works if you use a text
> browser.

It's not hard to imagine an audio equivalent - a simple puzzle, such as
"Press 1 when you hear the sound of a duck".  This example would be
culturally constrained (people with no experience with ducks would be
puzzled!) but this is a direction to consider.  All captchas are by
their very nature culturally constrained to a greater or lesser degree.

> In general, it's still a stopgap.  Requiring a test is offensive to
> real people.  If you want to live only in meatspace (and be
> untrackable in the virtual world), I guess that's unavoidable.  But
> for the vast majority of people, they just want to have an ID they can
> use to sign up anywhere, without being treated like the spamming
> equivalent of HIV.

Any solution to the problem is going to have to be anchored in
meatspace.  This is the bottom line on detecting the difference between
bots and people.

Life is a study in tradeoffs.  The tradeoff of having "an ID they can
use to sign up anywhere, without being treated like the spamming
equivalent of HIV" would probably be a gross loss of anonymity, the
digital equivalent of having a passport which could be verified through
a government's department of state.  This might be just as onerous to
some people as a captcha or a puzzle.

Yes, some people consider a captcha to be offensive, and I've had
colleagues who won't use them for sites where they really don't want to
communicate the slightest hint of suspicion to visitors, such as
political organizations that are eager to sign up volunteers or
supporters.  A captcha becomes kind of like passing muster with a
bouncer who's making sure that a club's dress code is observed.

On the other hand, most people get spam, and hate it, and can appreciate
that their own interests are served by having to jump through a hoop or
two to make sure that they're entering a bot-free zone.  I think a lot
of the acceptability of such schemes hinges on how they're presented and
introduced in the context of their usage.

Lindsay Haisley       |   "Friends are like potatoes.
FMP Computer Services |    If you eat them, they die"
512-259-1190          |
http://www.fmp.com    |              - Aaron Edmund

More information about the Mailman-Users mailing list