On 5/3/08, Zbigniew Szalbot wrote:
> Maybe in future it would be better to just disallow anyone to view a
> member's list and give a clear indication whether email has or has not
> been sent.

For closed rosters, we can't do that. If we give people an
indication as to whether or not a message was sent, they can use that
information to fish for e-mail addresses that they can spam.

> If the unsubscribe script cannot be exploited remotely, then
> I do not see probing as a real threat (especially if additionally secured
> by some captcha code or the like). But then I may not see all the
> consequences of such a solution.

CAPTCHAs are not secure. The CAPTCHAs run by Gmail, Yahoo!, and
Windows Live Hotmail are all cracked, and about 50% of their outgoing
traffic is now spam from compromised or illegitimate accounts.

We do not use CAPTCHAs today, I believe they were a horrible idea to
begin with, and if I have anything to say about it then we will never
use CAPTCHAs ever in the future.
--
Brad Knowles <[EMAIL PROTECTED]>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
------------------------------------------------------
Mailman-Users mailing list
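Added example, not part of the original message and not Mailman's own code: a sketch of the closed-roster constraint described above, where the web response is identical whether or not the address is on the list and the only signal goes to the mailbox itself. The roster, key, queue and function names are all constructed for illustration.

```python
import hashlib
import hmac
import queue

# Constructed sample data (assumptions, not taken from any real list).
ROSTER = {"alice@example.org", "bob@example.org"}   # closed roster
SECRET = b"constructed-demo-key"                    # placeholder signing key
MAIL_QUEUE = queue.Queue()                          # stands in for the outgoing-mail queue

# The single response body, returned regardless of roster membership.
UNIFORM_REPLY = ("If this address is subscribed, a confirmation message "
                 "has been sent to it.")


def normalize(addr):
    return addr.strip().lower()


def confirm_token(addr):
    """Token that is only ever delivered by mail to the address itself."""
    return hmac.new(SECRET, addr.encode(), hashlib.sha256).hexdigest()[:20]


def handle_unsubscribe_request(addr):
    """Web form handler: same status and body for members and non-members."""
    addr = normalize(addr)
    token = confirm_token(addr)        # computed on both paths so the work is similar
    if addr in ROSTER:
        MAIL_QUEUE.put((addr, token))  # mail is sent out of band, not in the response
    return 200, UNIFORM_REPLY


def confirm_unsubscribe(addr, token):
    """Second step: only a holder of the mailed token can change the roster."""
    addr = normalize(addr)
    expected = confirm_token(addr)
    ok = hmac.compare_digest(token.encode(), expected.encode()) and addr in ROSTER
    if ok:
        ROSTER.discard(addr)
    return ok
```

A requester who does not control the mailbox sees the same reply for every address, so the form cannot be used to test which addresses are subscribed.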