Interestingly enough, the first place I ever saw the reverse turing test in use was in the signup for a yahoo account.
"This step helps Yahoo! prevent automated registrations." http://edit.my.yahoo.com/config/eval_register?.partner=&.intl=us&.src=my &.last= The objective should be to raise the cost of harvesting. As you say, it cant be prevented, but forcing a human into the loop can raise the cost substantially. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Chuq Von Rospach > Sent: Thursday, 21 February 2002 12:24 > To: Dale Newfield; [EMAIL PROTECTED] > Subject: Re: [Mailman-Developers] Interesting study -- spam > onpostedaddresses... > > > On 2/21/02 8:28 AM, "Dale Newfield" <[EMAIL PROTECTED]> wrote: > > > On Thu, 21 Feb 2002, Damien Morton wrote: > >> Making a private archive available to those who are list members > > > > I haven't commented on this before, but the reason I find this > > solution lacking is that most mailman lists (in my > experience) don't > > require list admin permission to join. If this is the hurdle, as a > > spammer I'd just create a hotmail account that I can automatically > > subscribe to any mailman mailing list, and then gain access to the > > honeypot. > > This hits another aspect of my design philosophy. Don't sweat > making one part of the system more secure than the other parts. > > In this case, you hit a nail on the head. If a spammer > really, really wants your subscribers, we can't stop him. > They can simply subscribe to a list and harvest it as it > comes across. Unless you choose to anonymize every bloody > message -- a spammer will win if they're motivated enough, > and a smart spammer will do so in a way you'll never find. > Like setting up a hotmail address for each list, so you can't > see that all 30 lists have the same address in common, and > simply reading messages as they come by. > > And since, inherently, you can't stop THAT, it makes no sense > to make archives more secure than that. Any spammer smart > enough to be willing to subscribe to a list to do their > harvesting, you're going to have a very tough time stopping. > Basically, you have to get lucky or hope they make a mistake > or some sort. > > So since you can't make the subscription process more secure > than that -- why try to make the archives more secure than > the subscription process? It's extra work for no real gain, > because any spammer will a clue will go through the patio > door in the backyard instead of the front door with the three > deadlocks and the security gate... > > > -- > Chuq Von Rospach, Architech > [EMAIL PROTECTED] -- http://www.chuqui.com/ > > Yes, I am an agent of Satan, but my duties > are largely ceremonial. > > > _______________________________________________ > Mailman-Developers mailing list > [EMAIL PROTECTED] > http://mail.python.org/mailman/listinfo/mailma> n-developers > _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers