hi ya
> JC Dill wrote:
>
> David W. Tamkin wrote:
> > When Alvin Oga wrote,
> >
> >> - a good list manager sw will be able to defeat this
> >> faked autoconfirmation from a supposed human confirmation
> >
> > Jim Galvin asked,
> >
> > | Would you please describe how one could detect that a message came from
> > | a human and not an autoresponder?
> >
> > Perhaps to confirm one would have to follow some instructions other than just
> > replying. (Such a requirement would lock out attempted subscriptions by
> > humans who won't read instructions, but that might be a good thing.) For
> > example, autoresponders are likely to quote back (a) none of the received
> > text, (b) all of the received text, or (c) a certain amount from the top of
> > the received text. So if the applicant is sent two confirmation codes and in
> > order to confirm has to return only the lower one without the upper one, a bot
> > is likely to fail. Or if the confirmation code needs to be edited slightly --
> > say it is twelve characters long, and it has to be sent back with the first
> > five characters moved to the end -- a bot is likely to fail.
> >
> > And of course, so are 98% of human applicants.
if the sw fails and bounces a human replying to their real subscription,
than the "anti-spambot" detection failed
( i dont like false positives )
> Which makes it very odd that you would consider this "good list
> management software". If list management software could distinguish
> between a reply-bot and a human, for it to be considered "good" it would
i'd guess that most auto-responders will put in some headers ... :-)
- pick a set of random autoreponder from say "[EMAIL PROTECTED]"
and see what different headers it has
( that is the assumption that you can use to reject confirmations
( from auto-spambot subscriptions
> have to do it in a way that doesn't foil the normal human subscription
> confirmation process. IMHO, such a software product doesn't exist,
yup.. no such thing yet
> because there is no way (via text email) to make the process both easy
> for the human and difficult for a reply-bot. That is why many large
> free sites are using "type in the word you see in the graphic below" to
> thwart subscribe-bots, but this technique doesn't work in a plain-text
> email world.
>
> Will this be the end for "plain text email for those with no web access"
> mailing lists?
for business mailing lists...
i'd deny all access from yahoo/hotmail/excite/etc..etc..
- web based mails and perl scripts(?) to to/from/subject headers
are probably the worst spam offenders ( too easy to do )
for personal mailing lists...
i'd use a whitelist of subscribers... ;-)
which is the list itself ... ( no auto-subscribes )
c ya
alvin
