Matthew, Which ESPs operate that way? (Hint: none. Most ESPs offer COI, few or none require it.)
So since that's not happening....... -- Al Iverson www.aliverson.com (312)725-0130 On Wed, May 25, 2016 at 9:45 AM, Matthew Black <matthew.bl...@csulb.edu> wrote: > Are your customers using confirmed opt-in mailing lists? If not, they should > not be running mailing lists. > > > > matthew > > > > > > From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera > Sent: Tuesday, May 24, 2016 10:18 AM > To: mailop@mailop.org > Subject: [mailop] signup form abuse > > > > As an ESP, we host mailing list signup forms for many customers. Of late, it > appears they have been getting pounded on with fraudulent signups for real > addresses. Sometimes the people confirm by clicking the confirmation link in > the message and we are left scratching our heads as to why they would do > that. Mostly they get ignored and sometimes they come back as spam > complaints. > > > > One opinion I got regarding this was that people were using bots to sign up > to newsletter lists other bot-driven email addresses at gmail, yahoo, etc., > to make those mailboxes look more real before they became "weaponized" for > use in sending junk. That does not seem to be entirely what is happening > here... > > > > Today we got a set of complaints for what appears to be a personal email > address at a reasonably sized ISP. The complaint clearly identified the > messages as a signup confirmation message and chastised us for not having > the form protected by a CAPTCHA. Of course, they blocked some of our IPs for > good measure :( They characterized it as a DDoS. > > > > What are the folks on this fine list doing about this kind of abuse? We do > have ability to turn on CAPTCHA for our customers, but often they have > nicely integrated the signup forms into their own web sites and making it > work for those is pretty complicated. If I enabled CAPTCHA naively, the > subscribers would have to click the submit form twice and then click the > confirm on the email. The UX for that sucks, but such is the cost of > allowing jerks on the internet... > > > > Rate limiting doesn't seem to be useful since the forms are being submitted > at low rates and from a wide number of IP addresses. > > > > I look forward to hearing what others here are doing. > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop