On Wednesday, 28 January 2015 at 21:12:58 UTC, Vladimir Panteleev
wrote:
On Wednesday, 28 January 2015 at 04:17:12 UTC, Jonathan Marler
wrote:
Just had a thought. You could expose the email addresses only
for users that are logged in. That way the evil robots won't
be able to steal the email addresses but real people can still
access them easily. However, maybe it is meant to be
difficult by design? in which case nevermind :)
Registration on the forum is currently very simple because it
grants no additional privileges. Half of the spam that we had
was coming from registered accounts, so it's not likely to be a
considerable deterrent.
I have thought about (and even implemented, but never enabled)
adding a link which allows getting a user's email address after
solving a CAPTCHA challenge.
I am hesitant to enable this, because:
- The reCAPTCHA MailHide API documentation has been quietly
removed from Google's website.
- The email hiding feature on Google Code now no longer allows
solving a CAPTCHA to get an email address.
Something tells me that in spam economics, a working email
address is worth much more than the cost of solving a CAPTCHA.
Of course, in our case, it would be easy to harvest everyone's
email from the NNTP server. But most spammers don't know that.
They may not have known before but now they do! lol :) Robots
are sniffing our sites with valid accounts! I was not expecting
that...wow. Writing a generic robot that can create accounts and
login with them seems like a tough problem, I'm impressed.