[Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

[Stephen J. Turnbull]

Kalbfleisch, Gary writes:

 > I personally don't care for CAPTCHA but it exists for a reason.

Sure, the eternal search for easy solutions to difficult problems.

 > If anyone can suggest a better solution I would love to here it.
 > Right now Mailman is being exploited to email bomb individuals and
 > DOS email systems.  This cannot continue.

It's not obvious there are better solutions.  It's pretty obvious that
CAPTCHA is at a stage where serious miscreants won't be slowed much by
it (there are canned solutions, and even in 2009 they were good enough
for automated mischief-making), while it does bother legitimate users.

You're right that it can't continue, but I don't really know if
there's a way out.  It may just not be possible to advertise open-
subscription lists without attracting such abuse.

One thing we could try is to encourage use of OpenID (which Mailman
doesn't support AFAIK, but there may be third-party patches, and I bet
Mark (2.1 series) and Barry (Next Generation) would both be happy to
see it.  I guess mailbomb.com could just automate creation of GMail or
Hotmail accounts, so it wouldn't be a permanent solution.  But it
would be transparent to most users, and some would be actively pleased
by it.