Recaptcha for subscription requests?
Hello Mailman3 users,
I've seen a massive uptick in bogus subscription requests with real addresses, either being used to DDoS outside mailboxes or just for intrusion/scanning. (It looks like a lot of fake random strings for name and then valid addresses like scanning/scamming tools like Acunetix generate.)
When these hit thousands of gmail addresses they get classified as spam and hurt our overall deliverability.
Has anyone yet built a CAPTCHA integration for the Subscription/Sign Up path?
Regards, --Jered
Hi,
On Fri, Nov 22, 2024 at 03:57:44PM +0000, Jered Floyd wrote:
I've seen a massive uptick in bogus subscription requests with real addresses, either being used to DDoS outside mailboxes or just for intrusion/scanning.
[…]
Has anyone yet built a CAPTCHA integration for the Subscription/Sign Up path?
I have not but I was and am still under 30 to 50 fake subscription requests per day from Tor exit nodes, so I blocked those as discussed in <https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/...>.
Are you seeing the same?
I'm pretty happy with my Tor solution (they are all Tor) but if I start getting some from non-Tor then I'll need to use a CAPTCHA instead.
Thanks, Andy
-- https://bitfolk.com/ -- No-nonsense VPS hosting
Someone suggested to me to integrate a script that checks whether a certain number of seconds has passed between visiting the page and submitting the subscription request. In the script they use, all requests made quicker are getting discarded, which seems to stop most spambots in their tracks.
But I have no idea how to integrate such a script in mailman.
P.S.: This is also becoming a pressing issue with us. It surprises me, that at this point, mailman3 doesn't seem to have any built-in support for anti spam tools.
Cheers,
Johannes
Teilnehmer (3)
-
Andy Smith -
Jered Floyd -
johannes@rohr.org