Ben Cooksley writes: > A pity, as the subscription form definitely could do with the same > form of protection.
Think about what you're saying. "Open subscription" either means open subscription, or an admin has to do all the work. There's no third way. (Well, there is, but it only applies to lists that don't need to allow subscriptions from outside the firewall, and cannot be implemented in Mailman itself.) > While i'm aware that CAPTCHA's can be broken, it does raise the level > of difficulty the spammer must go through to abuse your service. No, it doesn't. It's a one-time investment for the spammers, and raises the level of difficulty for the *first* victim. After that, it's all free to them. If you want CAPTCHA, what you *want* to do is to implement it yourself. Once it becomes standard in Mailman, it will be broken (probably weeks before the official release), the exploit will be on sale (ditto), and CAPTCHA will be worthless to you from then on. Personally, I haven't seen any evidence of these attacks. My lists max at less than 1000 users, most are less than a dozen. I suspect this means that these miscreants are going after big lists because they're big. If so, there is probably enough profit in it that they can afford to hire people to solve CAPTCHAs and PlayThru. We need to rethink the whole model. :-( ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
