No, you didn’t. Point taken. But nowadays, CAPTCHAs are pointless. Find another way. If only because something ELSE will force them to write custom code.
Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Got the Junk Mail Reporting Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? From: mailop <mailop-boun...@mailop.org> On Behalf Of Rob McEwen via mailop Sent: Thursday, May 9, 2019 4:20 PM To: mailop@mailop.org Subject: Re: [mailop] Howto be a good mailop (best practice / insights wanted) I never claimed that CAPTCHA is FUSSP - it isn't. ("strawman's arg") And I realize that CAPTCHA can be defeated. That part wasn't news to me. HOWEVER: (1) never let the quest for perfection get in the way of achievable incremental improvements (which is EXACTLY what Rich and Michael are doing!) (2) just because a criminal or spammer *can* do something - doesn't mean that it is feasible or easy or economical for them to deploy that strategy EVERYWHERE - which is what their arguments against CAPTCHA-protecting forms require. (3) NOT every web form or "lead magnet" page is a big target. For every one such form on a large Fortune 100 company's site (like what Michael has to deal with) - for every one such high-profile form - there are literally hundreds of thousands of web forms on small sole proprietor's web sites and other small and medium-sized businesses' web sites. In MOST of the instances where a bot does submissions to their forms, the botmaster is simply not going to consider it worth the cost/effort to try to defeat CAPTCHA, should that be added. (4) Many of those SAME organizations are going to find adding CAPTCHA their webform - to be relatively easy and within their budget or within their internal technical abilities. SMS... not so much. And many automated SMS implementation are costly - often costing about 10K/year just to get onboard ("let them eat cake" - is how this is starting to come across... I'm sure that is chump changes to many of you reading this - but for many "mom and pop" companies running "lead magnets" web forms for their small-ish ecommerce business - that is NOT affordable.) (5) meanwhile, a massive percentage of sites are doing NONE of this. It would be better for them to do CAPTCHA than nothing. Even though CAPTCHA can be defeated, most of those sites are visible enough to have their forms attacked by bots, but likely too small for a spammer or hacker to find it worth their time to use CAPTCHA-defeating techniques on them. (Plus - when I brought this up - I was originally referring to signup forms - not login forms. I think that point got confused, too.) Rob McEwen On 5/9/2019 6:10 PM, Michael Wise via mailop wrote: Y’all who trumpet CAPTCHA as the FUSSP need to know who’s on the opposing team: http://scraping.pro/8-best-captcha-solving-services-and-tools/<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscraping.pro%2F8-best-captcha-solving-services-and-tools%2F&data=02%7C01%7Cmichael.wise%40microsoft.com%7C7ab56938eee7459e755908d6d4d62a08%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636930413629468295&sdata=yn6tTXeqQEhCt92AUDWCNPuXTWuKsDhoqpmhf7yTIUQ%3D&reserved=0> You’re going to need to think about an SMS challenge as a basic, entry level requirement. -AND- On 5/9/2019 5:53 PM, Rich Kulawiec via mailop wrote: No, you shouldn't. I'm going to quote something that I just sent elsewhere, so my apologies to anyone who's seen it. Captchas are a worst practice.<snip> -- Rob McEwen https://www.invaluement.com<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.invaluement.com&data=02%7C01%7Cmichael.wise%40microsoft.com%7C7ab56938eee7459e755908d6d4d62a08%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636930413629478305&sdata=ylIWAwjYV52%2Bve%2BKvdWLPsQ2MBEAjzaz4Dq%2BGhoFtuk%3D&reserved=0>
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
