James Ebright wrote: > Nothing is 100% but you can make it difficult enough or unlikely > enough that they will go look for easier targets... Our experience > was that simply checking the webserver env URI referrer variable was > often good enough in this scenario.
True; I *was* a little harsh, and checking the referrer will probably stop most of the current crop of attacks. It's a cheap test that's probably worthwhile. Setting a cookie is another good idea. But ultimately, this becomes the usual arms-race that can only end with some kind of prove-you're-human test, and we all know how horrible those are. :-( (Think Challenge-Response in the e-mail realm.) Regards, David. _______________________________________________ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
