Are these IP addresses on CBL?
Are these addresses in a larger pool, like a Nigerian coffee shop?
At some point, you should have a CAPTCHA, and also possibly a list of ranges of 
known bad actors.

We’ve been so concerned about issues from bad IPs on port 25, that many of us 
have neglected noticing bad connections on port 443.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?
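The check the reply above suggests, as an added example that is not code from either poster: look the form submitter's client IP up on the CBL the same way an MTA would look up a port-25 peer, and also match it against a static list of known-bad ranges. The DNSBL lookup convention (reversed IPv4 octets under the zone, a 127.0.0.0/8 answer meaning "listed") is the standard one; the zone name cbl.abuseat.org is assumed to be the public CBL zone as it was queried at the time of this thread, the KNOWN_BAD_RANGES entries are constructed documentation prefixes rather than real abuser networks, and the function names are this example's own.

```python
import ipaddress
import socket
from typing import Callable, Optional

# Assumption: the public CBL zone as queried in 2016. Replace with whatever
# zone your DNSBL provider documents today.
CBL_ZONE = "cbl.abuseat.org"

# Constructed stand-in for the "list of ranges of known bad actors" the
# reply mentions. These are RFC 5737 documentation prefixes, not real abusers.
KNOWN_BAD_RANGES = [ipaddress.ip_network(c) for c in (
    "192.0.2.0/24",
    "198.51.100.0/24",
)]

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str = CBL_ZONE) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, under the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this check handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def default_resolver(name: str) -> Optional[str]:
    """Resolve an A record with the system resolver; NXDOMAIN -> None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip: str, resolver: Resolver = default_resolver,
              zone: str = CBL_ZONE) -> bool:
    """True only if the zone answers from 127.0.0.0/8 for this address."""
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    # A DNSBL answers 127.x.y.z. Anything else (a wildcard from a captive
    # portal resolver, or a dead zone that now points at a parking host)
    # is not a listing and must not reject the user.
    return ipaddress.ip_address(answer) in LISTED_RANGE


def zone_is_healthy(resolver: Resolver = default_resolver,
                    zone: str = CBL_ZONE) -> bool:
    """RFC 5782 sanity check: 127.0.0.2 must be listed, 127.0.0.1 must not.

    A zone that fails this is either down or listing everything, and the
    caller should stop treating its answers as evidence.
    """
    return (is_listed("127.0.0.2", resolver, zone)
            and not is_listed("127.0.0.1", resolver, zone))


def in_known_bad_range(ip: str) -> bool:
    """True if the address falls inside any of the static bad-actor ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_BAD_RANGES)


def screen_signup_client(ip: str,
                         resolver: Resolver = default_resolver) -> Optional[str]:
    """Return None if the form submission may proceed, else the reason to
    challenge it. Cheap static match first, DNS lookup second."""
    if in_known_bad_range(ip):
        return "known-bad range"
    if is_listed(ip, resolver):
        return "listed on CBL"
    return None


if __name__ == "__main__":
    # Live run against the real zone; needs DNS. The test below uses a stub.
    if not zone_is_healthy():
        print("warning: DNSBL zone failed its health check, ignoring it")
    for client_ip in ("192.0.2.10", "203.0.113.5"):
        print(client_ip, screen_signup_client(client_ip) or "allowed")
```

Run `screen_signup_client()` in the handler that receives the form POST, i.e. on the port-443 side, so the same reputation data used to refuse port-25 peers is consulted before a confirmation mail is ever queued. A hit is a good reason to require the CAPTCHA for that submission rather than to drop it outright: a listed address can be the shared NAT of a large pool (the "coffee shop" case raised above), and the `zone_is_healthy()` check guards against a zone that has gone dark and started answering for every query.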

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera
Sent: Tuesday, May 24, 2016 10:18 AM
To: mailop@mailop.org
Subject: [mailop] signup form abuse

As an ESP, we host mailing list signup forms for many customers. Of late, it 
appears they have been getting pounded on with fraudulent signups for real 
addresses. Sometimes the people confirm by clicking the confirmation link in 
the message and we are left scratching our heads as to why they would do that. 
Mostly they get ignored and sometimes they come back as spam complaints.

One opinion I got regarding this was that people were using bots to sign up 
other bot-driven email addresses at gmail, yahoo, etc. to newsletter lists, to 
make those mailboxes look more real before they became "weaponized" for use in 
sending junk. That does not seem to be entirely what is happening here...

Today we got a set of complaints for what appears to be a personal email 
address at a reasonably sized ISP. The complaint clearly identified the 
messages as a signup confirmation message and chastised us for not having the 
form protected by a CAPTCHA. Of course, they blocked some of our IPs for good 
measure :( They characterized it as a DDoS.

What are the folks on this fine list doing about this kind of abuse? We do have 
the ability to turn on CAPTCHA for our customers, but often they have nicely 
integrated the signup forms into their own web sites and making it work for 
those is pretty complicated. If I enabled CAPTCHA naively, the subscribers 
would have to click the submit form twice and then click the confirm in the 
email. The UX for that sucks, but such is the cost of allowing jerks on the 
internet...

Rate limiting doesn't seem to be useful since the forms are being submitted at 
low rates and from a wide number of IP addresses.

I look forward to hearing what others here are doing.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop