Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] CAPTCHA on keitai



Curt Sampson writes:

 > Yes, but what use is a site such as Reddit for which nobody can sign up?

Should I care?<wink>

 > While there are plenty of sites out there which can be interesting
 > for small groups of people, a lot of websites benefit somebody (the
 > owners, the users, perhaps both) by having a large number of users.

But having a large number of users doesn't make you a target for
spammers, as long as the users who can add content are carefully
vetted.  What makes you a target for spammers is a "low bar" policy
for anonymously adding content that will get lots of views.

 > And by the way, "default deny" is not terribly hard to implement
 > for e-mail; quite a number of people out there are using systems
 > that bounce any e-mail from an address not on their allow lists,
 > returning a reply that asks legitimate senders to take some further
 > action.

I don't consider challenge-response to be an implementation of
"default deny", though, unless you use a tautological definition of
"default" ("whatever gets trapped is the default that I'm denying").
First, whitelisting email addresses is not an reliable implementation
of "deny unknown senders"; anybody can use any email address.  I've
been spammed apparently from addresses that would be in my white list
including RMS, the maintainer of Mailman, the author of TMDA, my
sister, and my alter ego the military historian, not to mention myself
and any number of mailing lists that I've subscribed to.

Second, challenge-response is not an implementation of "deny" at all.
I've also written and used a script that automatically replies to TMDA
challenges.

 > That most people don't use these says a lot, I think.

Indeed it does.  It says a lot about trying to retrofit "default deny"
to a "default permit" system.



Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links