I like the honey pot method of captcha. I switch what I call the email field in the code to something crazy and then I add a hidden field called email. Bots will always fill the email field, but people can't because they can't see it. so you can tell if it was a person or a bot. Seems to work pretty well. Don't really know if there is a disadvantage to doing it this way, but so far it has worked well.
Scott Ballantyne ekohe.com On Sat, Aug 14, 2010 at 2:42 AM, Justin James Grevich <[email protected]> wrote: > The RESTful authentication gem ( > http://github.com/technoweenie/restful-authentication > ) has a nice code generator for activation emails: > > ./script/generate authenticated user sessions --include-activation > > That code provides a good start to build off of and should work out of > the box IIRC. Although RESTful-auth is still being updated, it seems > most people are favoring Authlogic ( http://github.com/binarylogic/authlogic > ). You could use the generated code as an example/scaffold for > Authlogic + OpenID. > > I found this guide ( > http://www.slideshare.net/JamesEdwardGrayII/sending-email-with-rails > ) while searching for an answer to Chris's spam related question. > > Chris, this isn't the reference I was looking for, but here are some > suggestions on mass-emailings and how to prevent them from ending up > in someone's spam box: > http://www.slideshare.net/ibelmonte/massive-emailing-with-linux-postfix-and-ruby-on-rails > . Depending on how far you take it, it can be rather complex and may > be more worthwhile to outsource this task. > > I think Patrick has the best suggestion of using a service like > MailChimp/Sendgrid/Constant Contact. I have been very happy with > Mailchimp and the extra metrics/features are an added bonus > > Best regards, > > > > justin > > On Aug 10, 10:59 pm, Gk <[email protected]> wrote: >> FWIW, my take is that it's not too much to ask that users of an >> application provide a legitimate, working email address by which you >> can actually contact them. That being said, the whole 'click here to >> activate' round trip can definitely be a PITA, so we have approached >> this by adding OpenID, Facebook, and Oauth (Twitter) along with good- >> old 'gimme an email and pw' registration. >> >> -Gk >> >> On Aug 9, 10:20 pm, Chris McCann <[email protected]> wrote: >> >> >> >> > SD Ruby, >> >> > I'm working on a site that launched in a private beta today, private >> > in that basic HTTP authentication is required to get into the site. I >> > need some advice on security versus ease of sign-up. >> >> > We send a confirmation email after someone signs up for an account. It >> > contains a link that has to be accessed in order to "activate" an >> > account. Of the 10 people who signed up today 3 of them either didn't >> > get the email or had to dig into their spam folders to find it, or >> > perhaps folks were just too lazy to simply click the link. >> >> > Regardless the client is concerned that the email confirmation >> > requirement is going to seriously stifle the volume of sign-ups. My >> > concern is that if we don't have some sort of confirmation step we'll >> > be overrun with spam accounts and "wild sex girl pics" (as I saw on >> > the SDRuby home page - yikes!). >> >> > I suppose we could use a CAPTCHA in lieu of the confirmation email -- >> > we have to do something to cut down on bogus accounts. I'd appreciate >> > anyone throwing out some ways they've handled this in their Rails >> > apps. >> >> > Also, if there are any email gurus here what are your top tips for >> > preventing email from a new domain from being classified as spam? I >> > checked spamhaus today and neither our IP nor our domain were listed >> > anywhere. I did learn from the client that he had GoDaddy setup email >> > for the domain we're now using, so I suspect that may be at the root >> > of the false spam issue. Any tips are appreciated! >> >> > Cheers, >> >> > Chris > > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby
