Re: [Mailman-Developers] CAPTCHA support

[David Andrews]

At 04:57 AM 3/5/2016, Aditya Divekar wrote:

Hi!
I was looking around the mailman code, and could not find the functionality
for captcha in the mailing lists subscription pages.
I think it could be a good feature to implement in the upcoming versions,
and would like to know if its a good idea?
I also came across the thread -
http://permalink.gmane.org/gmane.mail.mailman.user/74167
and read about the previous discussion on it by some members.
Since captcha back then was easier to break, it might not have been a
profitable feature, according to the thread.
But with the new recaptcha, I would like to know if the stand is the same.


There are a number of blind Mailman Admins out here, including 
myself, and many thousands of b lind or visually impaired users, for 
whom CAPTCHA can be a problem. We hate pictures of words and numbers, 
and are in favor of no CAPTCHA!


Dave




David Andrews and long white cane Harry.
E-Mail:  dandr...@visi.com or david.andr...@nfbnet.org

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[David Andrews]

At 08:20 PM 3/5/2016, Stephen J. Turnbull wrote:

Christian Schoepplein writes:
 > On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are 
implemented, they would have to be

 > > optional in my opinion as they would
 > > require signing up for a token with the captcha provider.
 >
 > Yes, if captchas really have to be implemented, please, please make
 > them optional! For example many blind people are using mailman and
 > captchas are a nightmare for them and from the point of view
 > regarding accessibility in general.

Be reassured: we understand (but easily forget, so feel free to remind
us!)

What is the opinion of audio captchas?  That is, do they actually
work, and are they a significant inconvenience even if they are at
least in theory possible to use for blind persons?  Google ReCAPTCHA
implements an audio recaptcha option, for example.


Some audio CAPTCHA's are ok, some are virtually impossible to 
decipher. Also, audio CAPTCHAs do not work at all for deaf-blind persons.


So, while it depends, audio CAPTCHA is a mixed experience at best, 
and impossible at worst.


Dave




David Andrews and long white cane Harry.
E-Mail:  dandr...@visi.com or david.andr...@nfbnet.org

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Rich Kulawiec]

On Sat, Mar 05, 2016 at 04:27:31PM +0530, Aditya Divekar wrote:
> I was looking around the mailman code, and could not find the functionality
> for captcha in the mailing lists subscription pages.

As someone who has been studying email abuse for 30+ years, I strongly
recommend against captchas for several reasons.

First, as noted elsewhere in this thread, they're problematic for impaired
or disabled users.

Second, they've been quite thoroughly defeated by advances in image
processing and character recognition.  We have long since passed the
point where the difficulty of captchas solvable by software has
exceeded the difficulty of captchas solvable by humans.

Third, as often noted elsewhere, it is relatively easy to conscript
humans (knowingly or unknowingly) into the mass solving of captchas.

Fourth, either a given instance is or is not a target of interest
to adversaries. If it is not, the captchas are of course not needed.
If it is, then they will not help: any modestly-clueful adversary
will go through them like they're not even there.

Bottom line: captchas are, at best, wishful thinking.  There is zero
operational reason to deploy them in 2016.

---rsk
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Stephen J. Turnbull]

Christian Schoepplein writes:
 > On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they 
 > would have to be 
 > > optional in my opinion as they would
 > > require signing up for a token with the captcha provider. 
 > 
 > Yes, if captchas really have to be implemented, please, please make
 > them optional! For example many blind people are using mailman and
 > captchas are a nightmare for them and from the point of view
 > regarding accessibility in general.

Be reassured: we understand (but easily forget, so feel free to remind
us!)

What is the opinion of audio captchas?  That is, do they actually
work, and are they a significant inconvenience even if they are at
least in theory possible to use for blind persons?  Google ReCAPTCHA
implements an audio recaptcha option, for example.

 > Mailman 2.x is very accessible so far

Thank you!

 > and unfortunatly I hadn't time to take a look if postorius is also
 > good to use, but keeping mailman useable also for users with
 > disabilities should be always kept in mind IMHO!

This is a continuing goal of mine, for sure, and I think of all
Mailman developers.  But AFAIK we're all equipped with average-ish
levels of the usual senses, so feel free to remind us of the
principle, and if you notice any specific issues for accessibility,
*please* report them.  We probably won't notice them ourselves. :-(

@self (or anybody who wants to check and implement :-): We should have
an accessibility tag (and probably a usability or ux tag to
differentiate the use cases) on the tracker.

 > If spam protection mechanisms are needed,

No "if" about it, unfortunately.  But we do try to avoid mechanisms
that impose more pain on real users than on spammers.

Steve
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Developers] CAPTCHA support

[Stephen J. Turnbull]

Aditya Divekar writes:

 > But with the new recaptcha, I would like to know if the stand is
 > the same.

ReCAPTCHA looks very good, though I haven't used it.  However, the
professional spammers are quite capable of hiring humans to do their
work, and even conceal it as being charitable work (digitizing old
books, for example).  On the other hand, unsophisticated spammers are
easily turned away with simple textchas (eg, the Python sites use
questions like "What is van Rossum's first name?" -- no, I didn't try
"Just" :-).

I conclude that spam is a disease and evolves resistance to antispam
technology at rates that resemble the ability of bacteria to evolve
resistance to antibiotics, and we just have to keep a careful watch on
every mail service we administer to see what the spammers are up to in
our neighborhoods.

Steve

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] Mailman 3 on lists.mailman3.org

[Abhilash Raj]

Hi Mark,

On 03/05/2016 04:14 PM, Mark Sapiro wrote:
> I'm starting to look at getting a production mailman-us...@mailman3.org
> list set up and running.
> 
> I haven't gotten too far into it, but I see one issue and have a question.
> 
> The issue is that there is an MX record for mailman3.org pointing to
> mail.mailman3.org, but mail.mailman3.org doesn't have an A record; it
> has a CNAME pointing to mailman.iad1.psf.io which is the canonical name
> of the server.
> 
> RFC 2181, sec 10.3 says the target of and MX must have address records,
> not CNAME. I.e. mail.mailman3.org should not have a CNAME, but rather an
> A record pointing to 104.239.228.201 or I suppose instead, the MX for
> mailman3.org could point directly at mailman.iad1.psf.io.
> 
> Anyway, this is not an immediate concern, but will need to be addressed.
> 
> For my question, there is a MM 3 installation on the server now done, I
> think, by Abhilash (@maxking). It seems only partly done. I.e. there's a
> whole bunch of stuff in /opt/mailman that looks fairly complete, there's
> some stuff for it in the nginx and postfix configs, there are systemd
> scripts for starting and stopping mailman, but there's no mailman user
> or group on the server. This latter may be the result of the PSFs salt
> management.

Yes, I did setup a Mailman 3 instance on that server, but haven't
actually looked at it recently. I was just playing around and probably
did not create the Mailman user or Group, but I should have. I hooked
everything up though and it was working. There must be configuration
files for gunicorn too, to deploy Postorius and Hyperkitty.

> Anyway, the question is is this usable? should it be upgraded? what else
> needs to be done (not in detail, just whatever pieces are known to be
> missing)?

I guess it should be upgraded to the latest mailman version. I installed
everything from the latest master branch (that time) instead from the
released version. Although, a fresh install using bundler won't hurt. We
can then upgrade our own servers before rolling out the releases ;-)


> 
> 
> ___
> Mailman-Developers mailing list
> Mailman-Developers@python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: 
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: 
> https://mail.python.org/mailman/options/mailman-developers/raj.abhilash1%40gmail.com
> 
> Security Policy: http://wiki.list.org/x/QIA9
> 

-- 
thanks,
Abhilash Raj
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Developers] Mailman 3 on lists.mailman3.org

[Mark Sapiro]

I'm starting to look at getting a production mailman-us...@mailman3.org
list set up and running.

I haven't gotten too far into it, but I see one issue and have a question.

The issue is that there is an MX record for mailman3.org pointing to
mail.mailman3.org, but mail.mailman3.org doesn't have an A record; it
has a CNAME pointing to mailman.iad1.psf.io which is the canonical name
of the server.

RFC 2181, sec 10.3 says the target of and MX must have address records,
not CNAME. I.e. mail.mailman3.org should not have a CNAME, but rather an
A record pointing to 104.239.228.201 or I suppose instead, the MX for
mailman3.org could point directly at mailman.iad1.psf.io.

Anyway, this is not an immediate concern, but will need to be addressed.

For my question, there is a MM 3 installation on the server now done, I
think, by Abhilash (@maxking). It seems only partly done. I.e. there's a
whole bunch of stuff in /opt/mailman that looks fairly complete, there's
some stuff for it in the nginx and postfix configs, there are systemd
scripts for starting and stopping mailman, but there's no mailman user
or group on the server. This latter may be the result of the PSFs salt
management.

Anyway, the question is is this usable? should it be upgraded? what else
needs to be done (not in detail, just whatever pieces are known to be
missing)?

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



signature.asc
Description: OpenPGP digital signature
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] [Mailman-Developters] GSoC support

[Abhilash Raj]

Hi Amil,

On 03/05/2016 03:22 AM, amil shanaka wrote:
> Hi,
> I'm a 3rd year under graduate in the department of Computer Science and
> Engineering at University of Moratuwa, Sri Lanka
> 
> I tried to connect with mailing list in Mainman but it doesn't work.
> 
> I did my Internship In WSO2 Message Broker Team. so i learned  about
> MQTT(with netty) and AMQP protocols about how message broker work with
> sub/pub with topic,durable topics and also i did a research about off-heap
> implementation for mb.
> 
> So I want to know more details regarding* Message queue based email
> archiver *Project which i can proceed through.

Right now, Mailman sends each email it receives to the (enabled)
Archivers through a POST request. We want to have a pub/sub kind of
model for the emails as well as some of the events that other archivers
or apps built on top of mailman can consume. Events like ListCreated,
ListRemoved or something like that.

The above is just a very basic idea of what we want. You need to focus
your application around how we can do this. Florian and Aurelien would
be able to help you better if you come up with some ideas. You might
want to go through the current codebase for Mailman, looking for the
parts of code that are concerned with Archivers. A general idea about
the complete architecture would also be a good idea.

There are several design documentation about the architecture of Mailman
3 core. You can find article in the mailman3 docs, there is a chapter in
Architecture of Open Source Applications book v2 and also there is a
talk that Barry gave in PyCon 2012.

Just as a reminder, you need to submit atleast one merge request fixing
any of the issues mentioned in the bug tracker of any mailman projects.

Let us know if you have more questions.


> 
> Please Refer My LinkedIn: (amil shanaka
> ) for more detail about me and the
> projects I've done so far.
> 
> Hope you will help me with this.
> 
> Thanks,
> 

-- 
thanks,
Abhilash Raj
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Mark Sapiro]

On 03/05/2016 04:03 AM, Aditya Divekar wrote:
> 
> I was mostly basing this idea on the lines that it is easy to put in a spam
> subscription request to the mailing lists now.
> Implementing captcha could nip most of these attempts in the bud itself,
> and save mailman the extra efforts of sending the confirmation link to the
> subscriber.


Subscription confirmation has nothing to do with spam subscription
attempts. It is to prevent me (a human) from subscribing other people's
addresses to lists. Captchas and similar hoops to jump through do not
stop my doing that and do not obviate the need for confirmation.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Developers] [Mailman-Developters] GSoC support

[amil shanaka]

Hi,
I'm a 3rd year under graduate in the department of Computer Science and
Engineering at University of Moratuwa, Sri Lanka

I tried to connect with mailing list in Mainman but it doesn't work.

I did my Internship In WSO2 Message Broker Team. so i learned  about
MQTT(with netty) and AMQP protocols about how message broker work with
sub/pub with topic,durable topics and also i did a research about off-heap
implementation for mb.

So I want to know more details regarding* Message queue based email
archiver *Project which i can proceed through.

Please Refer My LinkedIn: (amil shanaka
) for more detail about me and the
projects I've done so far.

Hope you will help me with this.

Thanks,

-- 

*Amil shanaka*

*Integrated Computer Engineering | University Of Moratuwa*

mobile : (+94) *718548973 *|  email : *catcha...@gmail.com*
 | *amil...@cse.mrt.ac.lk *

skype  : *amilshanaka*
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Developers] Basic workflow of the ARC implementation

[Aditya Divekar]

Hi Steve!

Now going back to the implementation, the message needs to be signed after
its headers have been cooked, since they are included in some of the
signatures below.
So after the message headers have been cooked, and before the message has
been enqueued by the switchboards onto the various queues, we shall
catch the email, and perform the ARC operations on it as given below. After
this we can reinject the mail into the queues. This can be done by
modifying the process that handles the queuing of the mails.(This can be
done when the integration process into Mailman starts later on)

For now, I will assume that only the message is available to us in its
complete form after the list has cooked its headers.

We need to generate a private and a public key for the signing purposes.
For testing purposes, and while working on the code, I can probably
generate the keys locally using the openssl tool.

As a rough sketch of implementation,

1. ARC Seal

The tags -

NOTE - Now, here we needed to check the given message for any pre-existing
signatures in most of the fields. For this I think a separate module can be
created which can extract the previous ARC headers if they exist from the
message. The code for this can be again used from the dkimpy package.

i: The value for this tag can be determined by performing a check on the
original signature
and seeing if there were previous ARC headers. If yes, we increment the
value of the previous "i" by 1,
and if no, make it 1.
a: The value for this is fixed.

t,s,d: These can be obtained by using pre-existing dkimpy package.

b: Now we can compute the header hash using the dkimpy package again by
using the headers given here
. Here,
we call the dkimpy package and get the signature for the above headers and
then affix it to the "b="header.

cv: Use the same check as "i", if there is already an ARC i.e. i>1, then we
make it as "V", else "N".

The ARC Seal gets computed here.

NOTE-For giving the "s" and "d" (selector and domain tag values), we will
need to produce records for these where the key can be stored so that it is
available for query by the verifiers (I still have to look up this
mechanism).

2. ARC Message Signature

The tags -

i: The value for this tag is determined similar to the "i" tag for the ARC
Seal.

a,t,s,d: These can again be obtained from the dkimpy package.

bh: The body hash. This can be obtained from the package. Here, we set the
canonicalization to 'relaxed' and get the body hash.

h: The "h=" header list is signed with the implicit list (as given in the
draft) and any explicit list that we want in addition.
Now, for mailing lists, the recommended headers are -
List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:Reply-To:
and any other fields added by the list like the Precedence, XTopics or
else.
We will also sign the DKIM signature of the previous mail here if
available(suggested by the draft).
For this signing, we can use a modified version where the
FROZEN_HEADERS(headers that are signed by default) will specify the
implicit headers according to ARC
specs(Another option could be to get all the implicit+explicit headers
signed by the package, extract the h header, and modify it to include only
the explicit headers.)
b: The signature, calculated from the package. The h tag is used as
described above.


3. ARC Authentication Results.
The "i" tag simply takes on the value same as the above "i" tags.
Now from our previous conversation, as you suggested, the authenticity of
the previous MTA who sent us the mail is not sure to be trusted. So in the
case where we don't trust the previous MTA, we will have to perform our own
DMARC, SPF, DKIM testing of the recieved mail. If previous ARC chain exists
i.e. cv=V, then we perform the ARC test too.
Now for performing the tests -
In one of the earlier mails, we discussed the use of the "authres" package
for generating the authentication results header. The package conforms to
the RFC7001 format, and now the format used is RFC7601. But according to
the changes that I verified, we can use the package without any changes.
(The changes were mostly related to extra specifications that are optional.
Can be skipped for our purposes)
So the "authres" package can be called here for generating the AAR.

If we need to perform the ARC test, then the module for that will have to
be implemented manually. Though most of the code from the package for DKIM
verification can be used.
This is also the point where we detect if the mail is spam or not. If the
arc test fails, then there is something fishy here. DKIM, DMARC, SPF may
fail, but the failure of this test means the mail is not authentic. At this
point the mail should probably be discarded (or any other measures that
need to be taken).

Now coming to the testing part. There can be a number of tests like
verifying the generated ARC signature, chan

Re: [Mailman-Developers] CAPTCHA support

[Aditya Divekar]

Yes, I was of the opinion that it could be an optional feature.

Making it compulsory would involve critical problems as mentioned above by
Christian, and might sometimes be disagreeable to list users who think its
an unnecessary overhead of time.

I was mostly basing this idea on the lines that it is easy to put in a spam
subscription request to the mailing lists now.
Implementing captcha could nip most of these attempts in the bud itself,
and save mailman the extra efforts of sending the confirmation link to the
subscriber.

Thanks.

Aditya
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Christian Schoepplein]

On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they 
would have to be 
> optional in my opinion as they would
> require signing up for a token with the captcha provider. 

Yes, if captchas really have to be implemented, please, please make them 
optional! For example many blind people are using mailman and captchas are a 
nightmare for them and from the point of view regarding accessibility in 
general.

Mailman 2.x is very accessible so far and unfortunatly I hadn't time to take a 
look if postorius is also good to use, but keeping mailman useable also for 
users with disabilities should be always kept in mind IMHO!

If spam protection mechanisms are needed, please think about better 
alternatives or make this mechanisms optional!

Thanks and all the best,

  Christian

-- 
Christian Schoepplein - ch...@schoeppi.net - http://www.schoeppi.net
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Developers] CAPTCHA support

[Simon Hanna]

On 03/05/2016 11:57 AM, Aditya Divekar wrote:
> Hi!
> I was looking around the mailman code, and could not find the functionality
> for captcha in the mailing lists subscription pages.
> I think it could be a good feature to implement in the upcoming versions,
> and would like to know if its a good idea?
> I also came across the thread -
> http://permalink.gmane.org/gmane.mail.mailman.user/74167
> and read about the previous discussion on it by some members.
> Since captcha back then was easier to break, it might not have been a
> profitable feature, according to the thread.
> But with the new recaptcha, I would like to know if the stand is the same.
The message you mentioned said that it might be because of lacking csrf 
protection.
With django all the forms are protected by csrf.

About captchas. If they are implemented, they would have to be optional in my 
opinion as they would
require signing up for a token with the captcha provider. Or were you thinking 
about implementing
your own service? I'm pretty sure there are django apps out there that add 
captcha support.
It would be a nice addition if it's optional. If it's not I guess it would need 
more discussion.

___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

[Mailman-Developers] CAPTCHA support

[Aditya Divekar]

Hi!
I was looking around the mailman code, and could not find the functionality
for captcha in the mailing lists subscription pages.
I think it could be a good feature to implement in the upcoming versions,
and would like to know if its a good idea?
I also came across the thread -
http://permalink.gmane.org/gmane.mail.mailman.user/74167
and read about the previous discussion on it by some members.
Since captcha back then was easier to break, it might not have been a
profitable feature, according to the thread.
But with the new recaptcha, I would like to know if the stand is the same.

Thanks

Aditya
___
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9