[Mailman-Users] misleading description

David Andrews dandrews at visi.com
Sun May 4 06:38:08 CEST 2008 

I have 120 lists and thousands of blind and visually impaired users, 
and if I were to implement any kind of captcha I would have a riot on 
my hands!!!

David Andrews

At 06:19 PM 5/3/2008, you wrote:
>  > On 5/3/08, Zbigniew Szalbot wrote:
>
>  > >              If the unsubscribe script cannot be exploited 
> remotely, then
>  > >  I do not see probing as a real threat (especially if 
> additionally secured
>  > >  by some captcha code or the like).
>
>Note that people seem to really want one-click unsubscription.
>CAPTCHA violates that design goal bigtime.
>
>Brad Knowles writes:
>
>  > CAPTCHAs are not secure.
>
>CAPTCHA-meme, die!  Die, die, die, I say!  Die-die-die-die-die!
>
>Anyway, what Brad said being taken as given, what seems to be the case
>is that trivial CAPTCHAs like
>
><!-- Guess which FAQ-o-matic uses this CAPTCHA, successfully AFAIK! -->
><form>
>Please type "CAP-ME" in the box:
><input type="password" size="32"
>        name="nobody_would_guess_im_a_captcha_cause_theres_no_image">
><submit>
></form>
>
>give all the protection that a CAPTCHA can give.  This is somewhat
>effective, because if the 'bot doesn't expect that particular CAPTCHA,
>it will lose.  And that's the best you can do.
>
>What I conclude is that CAPTCHAs are a reasonable way for some low-to-
>moderate-traffic sites to shift the burden of spam-fighting to their
>users and to other sites, but that if Mailman ever implemented one,
>that would immediately make Mailman sites a target for automated
>CAPTCHA breaking.  So sites serious about using CAPTCHA to discourage
>spamming would need to implement their own, anyway.
>
>------------------------------------------------------
>Mailman-Users mailing list
>Mailman-Users at python.org
>http://mail.python.org/mailman/listinfo/mailman-users
>Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
>Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
>Unsubscribe: 
>http://mail.python.org/mailman/options/mailman-users/dandrews%40visi.com
>
>Security Policy: 
>http://www.python.org/cgi-bin/faqw-mm.py?req=show&amp;file=faq01.027.htp
>
>
>
>--
>No virus found in this incoming message.
>Checked by AVG.
>Version: 7.5.524 / Virus Database: 269.23.8/1412 - Release Date: 
>5/2/2008 4:34 PM

More information about the Mailman-Users mailing list