Agreed. Years ago I wrote a BP document for a former employer wherein the bottom line was no customizable fields for public-facing UGC mechanisms. The criminals will find them before your legitimate users will, always. Expect to find 419 offers and porn & malware links in there instantaneously.

Typically these days, as I'm sure you know, share exhortations tend to cluster around social networks: Facebook/Twitter/Google+, etcetera. As Rich suggests, having your share-by-email function launch a pre-propagated email sent from the user's own mail client is the way to go if they really must generate their own content. I'd imagine for messaging purposes, retaining control over what is said is probably preferable (Ask Bill Cosby about how inviting people to comment on their own can end, for example).

Neil Schwartzman
Executive Director
Coalition Against Unsolicited Commercial Email
http://cauce.org
Tel : (303) 800-6345
Twitter : @cauce

> On Jan 20, 2015, at 05:43, Rich Kulawiec <r...@gsp.org> wrote:
>
> On Mon, Jan 19, 2015 at 03:18:28PM +0200, Gil Bahat wrote:
>> [...] using the built-in content invite mechanism.
>
> Step 1: remove that permanently.  It's an abuse magnet, like "email
> this link to a friend", and while there are ways to mitigate some of
> the abuse your site will emanate as a result of it, the only truly
> effective way is to get rid of it.
>
> If someone wishes to point out content on your site to a third party,
> then either (a) they're perfectly capable of composing an email message
> doing so and sending it to their correspondents or (b) they're not.
> (a) does not involve you and thus doesn't present you with an abuse
> problem to solve.  (b) doesn't present anyone with an abuse problem.
>
> All mechanisms like this are examples of the general problem that
> results when one allows third parties to generate *outbound* traffic
> from one's operation to arbitrary destinations.  Like open DNS resolvers
> and open SMTP relays, the best way to deal with these is not to have them.
>
> ---rsk
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> http://chilli.nosignal.org/mailman/listinfo/mailop
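
The share-by-email approach described in this message (a pre-filled message opened in the visitor's own mail client, with wording the site controls) sketched as an added example that is not part of the original thread. `SITE_ORIGIN`, the subject and body strings, and the function name `buildShareMailto` are assumed, hypothetical values.

```javascript
// Added example: "share by email" that sends nothing from the site itself.
// The link opens the visitor's own mail client; the site's servers generate
// no outbound mail, and there are no free-text fields for a visitor to fill.
// SITE_ORIGIN, SHARE_SUBJECT and SHARE_BODY are assumed placeholder values.
const SITE_ORIGIN = "https://www.example.com";
const SHARE_SUBJECT = "Something I saw on example.com";
const SHARE_BODY = "I thought you might like this page:";

// Returns a mailto: URL for one of our own pages, or null for anything else.
function buildShareMailto(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl, SITE_ORIGIN); // relative paths resolve against our site
  } catch (err) {
    return null; // unparseable input is never shared
  }

  // Only links to our own origin may appear in the message.
  if (url.origin !== SITE_ORIGIN) return null;

  // Strip everything a caller could use to carry extra text or credentials:
  // userinfo, query string and fragment. (Assumes shareable pages are
  // identified by path alone.)
  url.username = "";
  url.password = "";
  url.search = "";
  url.hash = "";

  // Fixed wording plus the canonical link; the sender can still edit the
  // draft in their own client, where it is their mail and their reputation.
  const body = `${SHARE_BODY}\r\n\r\n${url.href}`;

  // No recipient is set: the sender picks one from their own address book.
  // encodeURIComponent percent-encodes CR/LF, "&" and "?" so the subject and
  // body cannot break out into additional mailto header fields.
  return (
    "mailto:?subject=" + encodeURIComponent(SHARE_SUBJECT) +
    "&body=" + encodeURIComponent(body)
  );
}
```

The returned string is meant to be used as the `href` of an ordinary link on the page.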