Recaptcha for subscription requests?
Hello Mailman3 users,
I've seen a massive uptick in bogus subscription requests with real addresses, either being used to DDoS outside mailboxes or just for intrusion/scanning. (It looks like a lot of fake random strings for name and then valid addresses like scanning/scamming tools like Acunetix generate.)
When these hit thousands of gmail addresses they get classified as spam and hurt our overall deliverability.
Has anyone yet built a CAPTCHA integration for the Subscription/Sign Up path?
Regards, --Jered
Hi,
On Fri, Nov 22, 2024 at 03:57:44PM +0000, Jered Floyd wrote:
I've seen a massive uptick in bogus subscription requests with real addresses, either being used to DDoS outside mailboxes or just for intrusion/scanning.
[…]
Has anyone yet built a CAPTCHA integration for the Subscription/Sign Up path?
I have not but I was and am still under 30 to 50 fake subscription requests per day from Tor exit nodes, so I blocked those as discussed in <https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/BHOATUV7DPWYVEFVGT652YTYYE3XXMHC/>.
Are you seeing the same?
I'm pretty happy with my Tor solution (they are all Tor) but if I start getting some from non-Tor then I'll need to use a CAPTCHA instead.
Thanks, Andy
-- https://bitfolk.com/ -- No-nonsense VPS hosting
participants (2)
-
Andy Smith
-
Jered Floyd