Not a new story; people have devised systems to avoid the creation of such accounts: http://bits.blogs.nytimes.com/2013/04/05/fake-twitter-followers-becomes-multimillion-dollar-business/?_r=0
You could for instance use data from http://www.e-hawk.net/ (I'm not endorsing them, just a company that tries to fill that need, there are others, do due diligence) to trust (or not) that the signing up is from a legit person and if not increase the challenge level (CAPTCHA and others).

On Tue, May 24, 2016 at 11:18 AM, Michael Wise via mailop <mailop@mailop.org> wrote:

> Are these IP addresses on CBL?
>
> Are these addresses in a larger pool, like a Nigerian coffee shop?
>
> At some point, you should have a CAPTCHA, and also possibly a list of ranges of known bad actors.
>
> We’ve been so concerned about issues from bad IPs on port 25, that many of us have neglected noticing bad connections on port 443.
>
> Aloha,
>
> Michael.
>
> --
>
> *Michael J Wise* | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool <http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?
>
> *From:* mailop [mailto:mailop-boun...@mailop.org] *On Behalf Of *Vick Khera
> *Sent:* Tuesday, May 24, 2016 10:18 AM
> *To:* mailop@mailop.org
> *Subject:* [mailop] signup form abuse
>
> As an ESP, we host mailing list signup forms for many customers. Of late, it appears they have been getting pounded on with fraudulent signups for real addresses. Sometimes the people confirm by clicking the confirmation link in the message and we are left scratching our heads as to why they would do that. Mostly they get ignored and sometimes they come back as spam complaints.
>
> One opinion I got regarding this was that people were using bots to sign up to newsletter lists other bot-driven email addresses at gmail, yahoo, etc., to make those mailboxes look more real before they became "weaponized" for use in sending junk. That does not seem to be entirely what is happening here...
>
> Today we got a set of complaints for what appears to be a personal email address at a reasonably sized ISP. The complaint clearly identified the messages as a signup confirmation message and chastised us for not having the form protected by a CAPTCHA. Of course, they blocked some of our IPs for good measure :( They characterized it as a DDoS.
>
> What are the folks on this fine list doing about this kind of abuse? We do have ability to turn on CAPTCHA for our customers, but often they have nicely integrated the signup forms into their own web sites and making it work for those is pretty complicated. If I enabled CAPTCHA naively, the subscribers would have to click the submit form twice and then click the confirm on the email. The UX for that sucks, but such is the cost of allowing jerks on the internet...
>
> Rate limiting doesn't seem to be useful since the forms are being submitted at low rates and from a wide number of IP addresses.
>
> I look forward to hearing what others here are doing.
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
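An added example, not written by anyone in this thread: one way to raise the challenge level only for risky signups is to score each request by the target address across all hosted forms instead of by source IP, which per-IP rate limits miss when submissions are slow and widely distributed. The class name, thresholds, window, and the `BAD_PREFIXES` stand-in for a blocklist or reputation feed are all assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

WINDOW = 3600                     # seconds of history per address (assumed value)
BAD_PREFIXES = ("203.0.113.",)    # constructed stand-in for a blocklist or reputation feed


class SignupScreen:
    """Hypothetical screen: score each signup by target address, not by source IP."""

    def __init__(self):
        self.seen = defaultdict(deque)        # email -> deque of (ts, ip, form_id)

    def score(self, ts, ip, email, form_id):
        hist = self.seen[email.strip().lower()]
        while hist and ts - hist[0][0] > WINDOW:   # expire events outside the window
            hist.popleft()
        hist.append((ts, ip, form_id))
        forms = {f for _, _, f in hist}
        ips = {i for _, i, _ in hist}
        s = 0
        if ip.startswith(BAD_PREFIXES):
            s += 2                     # poor source reputation
        if len(forms) >= 3:
            s += 3                     # one address submitted to several customers' forms
        if len(ips) >= 3:
            s += 2                     # same address arriving from several sources
        return s

    def decide(self, ts, ip, email, form_id):
        s = self.score(ts, ip, email, form_id)
        if s >= 5:
            return "hold"              # send no confirmation mail; queue for review
        if s >= 2:
            return "captcha"           # step up the challenge for this request only
        return "accept"                # normal confirmed opt-in, no extra click


def run_sample():
    # Constructed events: (ts, ip, email, form_id)
    events = [
        (0,   "198.51.100.7", "alice@example.org",  "shop-a"),
        (60,  "192.0.2.10",   "victim@example.net", "news-b"),
        (400, "192.0.2.77",   "victim@example.net", "blog-c"),
        (900, "198.51.100.9", "Victim@example.net", "shop-a"),
        (950, "203.0.113.5",  "bob@example.com",    "shop-a"),
    ]
    screen = SignupScreen()
    return [screen.decide(*e) for e in events]


if __name__ == "__main__":
    print(run_sample())
```

Ordinary subscribers see no extra step; only the fourth and fifth constructed requests are held or challenged.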