Lachlan Hunt <[EMAIL PROTECTED]> wrote:
"[...] Why do you think it's safe to assume that bad bots won't send
User-Agent headers claiming to be IE, Firefox or any other browser they
like? Even if some bots do send different UA strings, this script relies on
a false assumption and, thus, provides a false sense of security. [...]"
---
Hello Lachan,
I'm not assuming anything (I try not to do that). I do know that 'bots can
mask themselves, this has been on my mind. But I don't know how often this
is done or what the risk levels are. It's not like I'm "distributing" this
or billing it as a fool-proof method. It is an experiment; a test. I'm
trying to make something useful. And I do have a disclaimer. That entire
site, mikecherim.com, is just for experiments. A sandbox if you will.
It is for this reason I have posted here with the WSG: to test it in the
field and to get feedback. To discover the problems and possible loopholes.
I have that email address on one place on the web and that's on that page,
so that is part of the test as well. My mailbox is waiting to see what
happens.
The sad part is, even if it can be made fully capable of its assigned task
and become a popular and accessible solution, new spam-bot builds would
probably have a work-around built into their new versions within months.
Unfortunately, if people are allowed to communicate with us or post to our
sites, we can only hope to slow down or stay just slightly ahead to the bad
guys.
Thanks for your feedback.
Sincerely,
Mike Cherim
http://green-beast.com/
http://accessites.org/
http://graybit.com/
******************************************************
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list & getting help
******************************************************
