Matthew,

Which ESPs operate that way? (Hint: none. Most ESPs offer COI, few or
none require it.)

So since that's not happening.......

--
Al Iverson
www.aliverson.com
(312)725-0130


On Wed, May 25, 2016 at 9:45 AM, Matthew Black <matthew.bl...@csulb.edu> wrote:
> Are your customers using confirmed opt-in mailing lists? If not, they should
> not be running mailing lists.
>
>
>
> matthew
>
>
>
>
>
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera
> Sent: Tuesday, May 24, 2016 10:18 AM
> To: mailop@mailop.org
> Subject: [mailop] signup form abuse
>
>
>
> As an ESP, we host mailing list signup forms for many customers. Of late, it
> appears they have been getting pounded on with fraudulent signups for real
> addresses. Sometimes the people confirm by clicking the confirmation link in
> the message and we are left scratching our heads as to why they would do
> that. Mostly they get ignored and sometimes they come back as spam
> complaints.
>
>
>
> One opinion I got regarding this was that people were using bots to sign up
> to newsletter lists other bot-driven email addresses at gmail, yahoo, etc.,
> to make those mailboxes look more real before they became "weaponized" for
> use in sending junk. That does not seem to be entirely what is happening
> here...
>
>
>
> Today we got a set of complaints for what appears to be a personal email
> address at a reasonably sized ISP. The complaint clearly identified the
> messages as a signup confirmation message and chastised us for not having
> the form protected by a CAPTCHA. Of course, they blocked some of our IPs for
> good measure :( They characterized it as a DDoS.
>
>
>
> What are the folks on this fine list doing about this kind of abuse? We do
> have ability to turn on CAPTCHA for our customers, but often they have
> nicely integrated the signup forms into their own web sites and making it
> work for those is pretty complicated. If I enabled CAPTCHA naively, the
> subscribers would have to click the submit form twice and then click the
> confirm on the email. The UX for that sucks, but such is the cost of
> allowing jerks on the internet...
>
>
>
> Rate limiting doesn't seem to be useful since the forms are being submitted
> at low rates and from a wide number of IP addresses.
>
>
>
> I look forward to hearing what others here are doing.
>
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to