NMS and spam subcribe prevention
Posted: Fri Jun 15, 2007 11:30 am
I already opened a Feature Requests report about that under NMS, but I think that it is more easy do some brain storming here in the forum.
The Feature request is here:
http://dev.cmsmadesimple.org/tracker/in ... 0&atid=120
In the last 2 or 3 month I am getting a lot of fake subscription on daily bases (between 80/100 each day)
all of them as yahoo.com inexistent addresses.
Therefore all the confirmation mail are coming back.
I think this can be stopped using some simple antispam method since it is 100% sure that are done by some automatic system.
The first obvious solution is to use the captcha module in NMS or better, rather than have it as fixed, have an option to use it in the subscription form.
But in my experience captcha is becoming more and more weak and sometime more complicated one are easily interpreted by automatic system and hardly read by end user.
Before using it (or better together with), I would prefer to try other less invasive, from both code and end user point of view, like scrambling the name of the form fields in random way each time.
Automatic system usually scan pages looking for form field with email in the name. With this method I obtained very good result with phpBB that suffer a lot of spamming and has a very weak (or well know) captcha method.
Here are my 2 cents.
Some other has similar problem or other suggestion?
The Feature request is here:
http://dev.cmsmadesimple.org/tracker/in ... 0&atid=120
In the last 2 or 3 month I am getting a lot of fake subscription on daily bases (between 80/100 each day)
all of them as yahoo.com inexistent addresses.
Therefore all the confirmation mail are coming back.
I think this can be stopped using some simple antispam method since it is 100% sure that are done by some automatic system.
The first obvious solution is to use the captcha module in NMS or better, rather than have it as fixed, have an option to use it in the subscription form.
But in my experience captcha is becoming more and more weak and sometime more complicated one are easily interpreted by automatic system and hardly read by end user.
Before using it (or better together with), I would prefer to try other less invasive, from both code and end user point of view, like scrambling the name of the form fields in random way each time.
Automatic system usually scan pages looking for form field with email in the name. With this method I obtained very good result with phpBB that suffer a lot of spamming and has a very weak (or well know) captcha method.
Here are my 2 cents.
Some other has similar problem or other suggestion?