[Mailman-Developers] UI for Mailman 3.0 update

[Stephen J. Turnbull]

Eric Bloch writes:

 > I am a lurker here and can concur with Cristóbal's sentiments wrt
 > captchas .  I run http://markmail.org where we provide a search
 > index for thousands of public mailman lists (and google groups and
 > other mailing lists as well).  The captchas we use (for a variety
 > of purposes) aren't perfect, but they get rid of a lot of junk.

How do you know?  "Post hoc ergo propter hoc" is a fallacy.

In my (limited and often second-hand) experience, *any* change to a
form reduces "junk" dramatically.  Simply using obfuscated names for
signup fields (such as swapping the email address variable name and
the full name variable name) often reduces signups (presumably the
difference is 'bots) significantly.  I've heard one report that
switching from a homebrew CMS to Drupal (IIRC) was followed by a
dramatic increase in signups ... most of the increase being bogus.
Nothing against Drupal, just that it apparently provides standard
forms for certain purposes, and 'bots take advantage.  Any standard
and common system (eg, Mailman) which recruits members would face the
same problem.

Do cosmetic changes work as well as captcha?  I don't know.  I do know
that about 2 years ago I downloaded one of the gocr-based captcha
breakers and watched it get 5% to 40% success rates against a
star-studded cast (don't recall exactly, but the likes of Google and
Yahoo were in there).  95% "correct" answers may sound good to a
college student taking a final exam, but what that means in the case
of captchas is bogus signups at a maximum rate of about 3/min.  Oops.

My conclusion (lacking other data) is that the cost of annoying my
users is far greater than the potential benefit.  I don't intend to
even try to collect real data on captcha efficacy. ;-)