On Wed, Aug 26, 2020 at 2:37 PM Jim Popovitch via Mailman-Users
<mailman-users@python.org> wrote:
>
> Hi Folks,
>
> A couple of days ago, over on the MAILOP mailing list, there was a long
> thread titled 'Mailman confirmation email denial of service'.  This
> detailed some of the problems we've all seen with Mailman subscription
> spam.  The Mailman team has addressed a lot of these problems with
> ReCAPTCHA support and additional configuration options.  Arguably the
> best solution has been the ReCAPTCHA integration.  BUT, a lot of people
> don't like the Google tie-ins that come with ReCAPTCHA.


The person describing the problem in that thread had not set
SUBSCRIBE_FORM_SECRET, and someone with apparently the same problem
described it as "actually filling it correctly (password,
confirmation...) and, as shown below, without even fetching the page
containing the form first". I may well have misunderstood it, and
apologise in advance if I have, but it seems that the problem in
question could have been avoided using an existing feature of Mailman
2.

(It would be ideal if Mailman 2 could be developed until the same set
of people who installed it can install Mailman 3, but I don't know how
realistic that is. I installed MM2 on a shared server, with no real
expertise and at no extra cost, but have been told I would need to pay
for a dedicated server to install MM3. I will probably move to MM3
mainly for its email-from-web feature, but pay to have the list hosted
for me on a subdomain.)

Best wishes

Jonathan
------------------------------------------------------
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
    https://mail.python.org/archives/list/mailman-users@python.org/
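
An added illustration, not part of the original message and not Mailman's own code, of how a server-side form secret can reject a subscription POST that was made "without even fetching the page containing the form first". The function names, token layout, secret value and time limits are assumptions chosen for the example.

```python
import hashlib
import hmac
import time

# Hypothetical values for this illustration only.
FORM_SECRET = b"constructed-example-secret"  # kept on the server, never sent to clients
MIN_AGE = 5      # seconds; a form posted faster than this was not filled in by hand
MAX_AGE = 3600   # seconds; older tokens are rejected


def _mac(issued, list_name, remote_addr):
    """Keyed hash binding the token to a time, a list and a client address."""
    msg = f"{issued}:{list_name}:{remote_addr}".encode()
    return hmac.new(FORM_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(list_name, remote_addr, now=None):
    """Run when the subscribe page is rendered; the result goes in a hidden field."""
    issued = int(time.time() if now is None else now)
    return f"{issued}:{_mac(issued, list_name, remote_addr)}"


def check_token(token, list_name, remote_addr, now=None):
    """Run when the form is POSTed; returns (accepted, reason)."""
    now = int(time.time() if now is None else now)
    if not token:
        return False, "missing token (form page was never fetched)"
    issued_s, sep, mac = token.partition(":")
    if not sep or not (issued_s.isascii() and issued_s.isdigit()):
        return False, "malformed token"
    expected = _mac(issued_s, list_name, remote_addr)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad signature"
    age = now - int(issued_s)
    if age < MIN_AGE:
        return False, "submitted too quickly"
    if age > MAX_AGE:
        return False, "token expired"
    return True, "ok"


if __name__ == "__main__":
    tok = issue_token("test-list", "192.0.2.10", now=1000)  # constructed sample
    print(check_token(tok, "test-list", "192.0.2.10", now=1030))
    print(check_token("", "test-list", "192.0.2.10", now=1030))
```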
