On 1/30/20 1:50 AM, Gila Halpern wrote:
> I've been looking into ways to prevent spam on my company's list, and one thing I came across was the SUBSCRIBE_FORM_SECRET option in the Mailman configuration, which embeds a CSRF token into the form, and prevents it from being submitted until five seconds after it renders, to keep bots from subscribing. Unfortunately, the information I found pertained to Mailman 2. Does this option exist in MM3 as well, or is there a similar option?
This feature in MM 2.1 is not very effective. On mail.python.org, this feature as well as reCAPTCHA is enabled (e.g. <https://mail.python.org/mailman/listinfo/mailman-users>) and we still get periodic attacks of robotic subscribes that get around these measures.
To answer your question, no, this does not exist in Postorius, which is an entirely different, Django-based web UI. Django may have some protections built in; I'm not sure about that, but there's nothing in Postorius itself like this MM 2.1 feature.
--
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
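
The mechanism described in the question (a token embedded in the form at render time, with submissions rejected until five seconds have passed), sketched as an added example; this is not Mailman's or Postorius's code. The function names, the HMAC-SHA256 construction, the binding to list name and client address, and the one-hour expiry are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

MIN_AGE = 5       # seconds a form must exist before it may be submitted (from the question)
MAX_AGE = 3600    # assumed expiry so an old token cannot be replayed indefinitely


def _mac(secret: bytes, ts: str, list_name: str, client: str) -> str:
    # Bind the MAC to render time, list and client so a token cannot be
    # moved to another list or reused from another address.
    msg = f"{ts}:{list_name}:{client}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_token(secret: bytes, list_name: str, client: str,
                now: Optional[float] = None) -> str:
    """Return 'timestamp:mac' for a hidden field when the form is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(secret, ts, list_name, client)}"


def check_token(secret: bytes, token: str, list_name: str, client: str,
                now: Optional[float] = None) -> str:
    """Return 'ok', or the reason the submission is rejected."""
    now = time.time() if now is None else now
    ts, sep, mac = token.partition(":")
    try:
        rendered = int(ts)
    except ValueError:
        return "malformed"
    if not sep:
        return "malformed"
    expected = _mac(secret, ts, list_name, client)
    # Constant-time comparison; compare bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-mac"
    age = now - rendered
    if age < MIN_AGE:
        return "too-fast"
    if age > MAX_AGE:
        return "expired"
    return "ok"


if __name__ == "__main__":
    secret = b"constructed-secret"                       # constructed sample value
    tok = issue_token(secret, "example-list", "203.0.113.7", now=1000)
    for t in (1002, 1005, 4601):
        print(t, check_token(secret, tok, "example-list", "203.0.113.7", now=t))
```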