Il 03/02/2014 20:57, Evgeny Khramtsov ha scritto:
Mon, 03 Feb 2014 19:45:21 +0100 Marco Cirillo <[email protected]> wrote:Long captcha - around 50%, mainly 70% of automated bot registrations E-Mail verification - Mainly 30%, This wards off the remaining bots which manage to OCR the captcha but can't deal with verifying E-Mails. DSA Filters + IP Throttling - By 19%, this mainly deals with Human solvers attempting to use DEAs to register spammy addresses. The remaining 1% usually it's still human solvers either using mail providers e.g. yahoo or gmail, or DEA Services I don't have the "fingerprint of" but it's usually easy enough to catch 'em with periodic log checks and zap 'em therefore.Nowadays email verification is bypassed easily by creating tons of fake emails on many servers or within single poorly protected server. We're thinking to switch to SMS-based verification for jabber.ru: we have it currently and it works fine and is pretty cheap, just need to disable email verification completely.
There're SMS gateways out there, while less you'd incurr in the same issues first or laters.
And I don't agree, it's trivial enough to filter out mail accounts created on one or multiple compromised mail servers, it's less easy for DEAs but nothing appropriate policy filtering can't deal with. The reason most spammers tend using DEAs nowadays it's that it makes it harder to tracedown offenders, while using stationary (even compromised) mail services does not.
-- *Marco Cirillo* /LW.Org/LW.Org IM Owner & Head Developer/ /Metronome IM Project Mantainer/Developer/ /Jappix Mantainer/Developer/ http://lightwitch.org
smime.p7s
Description: Firma crittografica S/MIME
