Richard Damon writes: > These methods are designed to repel "most" attacks.
Sure, that is understood. The problem is that if a particular method is recommended here, there will be a request to add it to Mailman. At that point it becomes worth breaking the defense. > The idea is these bots are written to do as little processing as > needed to find entry vectors. If you are step more difficult than > most, then it isn't worth upgrading the bot to beating the defense, > as the additional processing to get to you costs a lot more sites > not checked. AFAICS this is a myth. I think the bots are probably written to do little processing mostly because the programmers are busy, and parsing is relatively hard to implement well compared to just POSTing a request out of the blue. Certainly the professional spammers lack for neither CPU nor bandwidth, since they have access to botnets. > The one thing the list owner has going is that it is unlikely that > they are a big enough of a unique target to attract a dedicated > spammer. Precisely. That's why these things need to be done on a site by site basis; discussing them here, and especially putting them into the Mailman distributions, is likely to decrease their effectiveness. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
