On Sat, Mar 05, 2016 at 04:27:31PM +0530, Aditya Divekar wrote: > I was looking around the mailman code, and could not find the functionality > for captcha in the mailing lists subscription pages.
As someone who has been studying email abuse for 30+ years, I strongly recommend against captchas for several reasons. First, as noted elsewhere in this thread, they're problematic for impaired or disabled users. Second, they've been quite thoroughly defeated by advances in image processing and character recognition. We have long since passed the point where the difficulty of captchas solvable by software has exceeded the difficulty of captchas solvable by humans. Third, as often noted elsewhere, it is relatively easy to conscript humans (knowingly or unknowingly) into the mass solving of captchas. Fourth, either a given instance is or is not a target of interest to adversaries. If it is not, the captchas are of course not needed. If it is, then they will not help: any modestly-clueful adversary will go through them like they're not even there. Bottom line: captchas are, at best, wishful thinking. There is zero operational reason to deploy them in 2016. ---rsk _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9