On Wed, Oct 19, 2016 at 3:35 PM, Brett Schenker <bhschen...@gmail.com> wrote:
> We're currently looking to implement a combination of preventions with the
> leading idea being:
> honeypot on sign up pages + IP intelligence + email address intelligence +
> coi
>
> The idea being the honeypot will stop some bots, the IP monitoring will look
> for numerous sign ups within a short period of time (which we currently do
> for credit cards) and then also look for email addresses being signed up
> across clients in a short period of time.
My thought on this is that *I* cannot detect the rate of signups as well as reputation services can. To this end, I use the following algorithm on our list signup forms. The beauty of it is that you really only get to see the CAPTCHA if you are a troublemaker. Normally you will never get presented with it, so it looks like business as usual to everyone else. I do this test both when displaying the form and when processing the form, because bots never fetch the form itself, and humans don't want to fail a CAPTCHA they never saw in the first place.

1) Is the remote IP listed in CBL? Yes -> force CAPTCHA
2) Is the remote IP listed in CleanTalk.org/blacklists? Yes -> force CAPTCHA
3) Is the remote IP listed in minFraud open proxies? Yes -> force CAPTCHA

Then proceed with the normal signup form, which in our case is always COI for all customers.

I do the tests in the above order, and short-circuit once I have a positive match. Each of the three services catches about ⅓ of the bad actors, amazingly enough. I do the queries in the order of cost to me, so as to minimize how much I have to spend. :-) I also cache the results.

A couple of my customers have asked for 100% CAPTCHA because they wanted a 100% block of the bots. This mechanism I use gets close to 75% of them based on my testing two months ago. If you're the lucky guy who is first hit when the bots get a new IP, you'll be out of luck. But, if you're lower down their list, then likely these guys will have detected that IP by the time they get to you. minFraud will even notify you if they subsequently detect bot activity on an IP you queried, which is nice sometimes to go back and clean up.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
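The cascade described in the message above, as an added example that is not the poster's own code: three reputation sources are consulted cheapest-first, the walk stops at the first positive hit, and every per-source answer is cached with a TTL so the second check at form-processing time costs nothing. The real CBL, CleanTalk and minFraud lookups are not performed here; the sources are constructed stand-ins fed by an in-memory listing table so the block runs offline, and the DNSBL helper is wired to a fake resolver for the same reason. The zone name cbl.example, the cost numbers and the sample IPs are all assumptions made for the illustration.

```python
"""Cheapest-first, short-circuiting reputation cascade with a result cache.

Added example, not the original poster's code. The three sources below are
constructed stand-ins: nothing here contacts CBL, CleanTalk or minFraud.
"""
from dataclasses import dataclass, field
import ipaddress
import time
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample data: which IPs each stand-in source would list.
SAMPLE_LISTINGS = {
    "cbl": {"198.51.100.7"},
    "cleantalk": {"203.0.113.9"},
    "minfraud_proxy": {"192.0.2.33"},
}


def reverse_octets(ip: str) -> str:
    """Reversed dotted quad used as the query label in a DNSBL lookup."""
    addr = ipaddress.IPv4Address(ip)  # rejects malformed or IPv6 input
    return ".".join(reversed(str(addr).split(".")))


def dnsbl_listed(ip: str, zone: str, resolve: Callable[[str], Optional[str]]) -> bool:
    """A CBL-style DNSBL check: listed iff <reversed-ip>.<zone> has a 127.x A record.

    `resolve` is injected so the example runs offline; a deployment would pass a
    real DNS lookup (e.g. socket.gethostbyname wrapped to return None on NXDOMAIN).
    """
    answer = resolve(f"{reverse_octets(ip)}.{zone}")
    return answer is not None and answer.startswith("127.")


def fake_resolver(name: str) -> Optional[str]:
    """Constructed resolver emulating an assumed zone 'cbl.example'."""
    zone = ".cbl.example"
    if name.endswith(zone):
        ip = ".".join(reversed(name[: -len(zone)].split(".")))
        if ip in SAMPLE_LISTINGS["cbl"]:
            return "127.0.0.2"
    return None


@dataclass
class Source:
    name: str
    cost: float  # relative cost per query; the cascade sorts ascending
    check: Callable[[str], bool]


@dataclass
class CaptchaGate:
    sources: List[Source]
    ttl_seconds: float = 3600.0
    queries: Dict[str, int] = field(default_factory=dict)  # paid lookups per source
    _cache: Dict[Tuple[str, str], Tuple[bool, float]] = field(default_factory=dict)

    def _lookup(self, source: Source, ip: str, now: float) -> bool:
        key = (source.name, ip)
        hit = self._cache.get(key)
        if hit is not None and now - hit[1] < self.ttl_seconds:
            return hit[0]  # cached answer, no query spent
        self.queries[source.name] = self.queries.get(source.name, 0) + 1
        listed = source.check(ip)
        self._cache[key] = (listed, now)
        return listed

    def force_captcha(self, ip: str, now: Optional[float] = None) -> Tuple[bool, Optional[str]]:
        """Return (force_captcha, source_that_matched). Short-circuits on first hit."""
        now = time.time() if now is None else now
        for source in sorted(self.sources, key=lambda s: s.cost):
            if self._lookup(source, ip, now):
                return True, source.name
        return False, None


def build_gate() -> CaptchaGate:
    """Wire the three stand-in sources in the order CBL, CleanTalk, minFraud (assumed costs)."""
    return CaptchaGate(sources=[
        Source("cbl", 0.0, lambda ip: dnsbl_listed(ip, "cbl.example", fake_resolver)),
        Source("cleantalk", 1.0, lambda ip: ip in SAMPLE_LISTINGS["cleantalk"]),
        Source("minfraud_proxy", 5.0, lambda ip: ip in SAMPLE_LISTINGS["minfraud_proxy"]),
    ])


if __name__ == "__main__":
    gate = build_gate()
    for stage, ip in [("GET /signup", "192.0.2.33"), ("POST /signup", "192.0.2.33")]:
        force, why = gate.force_captcha(ip)
        print(f"{stage} from {ip}: captcha={force} reason={why} queries={gate.queries}")
```

Calling force_captcha once when rendering the form and again when processing it reproduces the two-stage check from the message: the second call is answered from the cache, so a bot that skips the GET still gets gated on the POST while a human who passed the GET is not charged a second round of lookups.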