This document can be of use: https://www.m3aawg.org/documents/en/maawg-vetting-best-common-practices-bcp
Also, you may want to look at e-hawk.net

On Wed, Oct 19, 2016 at 1:27 PM, Vick Khera <vi...@khera.org> wrote:

> On Wed, Oct 19, 2016 at 3:35 PM, Brett Schenker <bhschen...@gmail.com> wrote:
> > We're currently looking to implement a combination of preventions with the
> > leading idea being:
> > honeypot on sign up pages + IP intelligence + email address intelligence + coi
> >
> > The idea being the honeypot will stop some bots, the IP monitoring will look
> > for numerous sign ups within a short period of time (which we currently do
> > for credit cards) and then also look for email addresses being signed up
> > across clients in a short period of time.
>
> My thought on this is that *I* cannot detect the rate of signups as
> well as reputation services can. To this end, I use the following
> algorithm on our list signup forms. The beauty of it is that you
> really only get to see the CAPTCHA if you are a trouble maker.
> Normally you will never get presented with it, so it looks like
> business as usual to everyone else. I do this test both when
> displaying the form and when processing the form, because bots never
> fetch the form itself, and humans don't want to fail a captcha they
> never saw in the first place.
>
> 1) Is the remote IP listed in CBL? Yes -> force CAPTCHA
> 2) Is the remote IP listed in CleanTalk.org/blacklists? Yes -> force CAPTCHA
> 3) Is the remote IP listed in minFraud open proxies? Yes -> force CAPTCHA
>
> Then proceed with the normal signup form, which in our case is always
> COI for all customers. I do the tests in the above order, and short
> circuit once I have a positive match. Each of the three services
> catches about ⅓ of the bad actors, amazingly enough. I do the queries
> in the order of cost to me, so as to minimize how much I have to
> spend. :-) I also cache the results.
>
> A couple of my customers have asked for 100% CAPTCHA because they
> wanted a 100% block of the bots. This mechanism I use gets close to
> 75% of them based on my testing two months ago.
>
> If you're the lucky guy who is first hit when the bots get a new IP,
> you'll be out of luck. But, if you're lower down their list, then
> likely these guys will have detected that IP by the time they get to
> you. minFraud will even notify you if they subsequently detect bot
> activity on an IP you queried, which is nice sometimes to go back and
> clean up.
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
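The gating logic described in the quoted message (ordered reputation checks, short circuit on the first listing, cached verdicts, and the same test at form display and at form processing), as an added example that is not code from anyone in this thread. `CaptchaGate` and `counting_lookup` are hypothetical names, the lookups are injected callables rather than real CBL, CleanTalk or minFraud clients, and the one-hour TTL and the choice not to cache a clean verdict after a failed lookup are assumptions.

```python
import time
from typing import Callable, Dict, List, Optional, Tuple

# (service name, lookup) pairs, cheapest first; lookup(ip) returns True if listed.
Check = Tuple[str, Callable[[str], bool]]

class CaptchaGate:
    """Force a CAPTCHA only for IPs that a reputation service lists."""

    def __init__(self, checks: List[Check], ttl: float = 3600.0,
                 clock: Callable[[], float] = time.monotonic):
        self.checks, self.ttl, self.clock = checks, ttl, clock
        self._cache: Dict[str, Tuple[float, Optional[str]]] = {}

    def listed_by(self, ip: str) -> Optional[str]:
        """Name of the first service that lists ip, or None if none does."""
        cached = self._cache.get(ip)
        if cached and cached[0] > self.clock():
            return cached[1]
        verdict, had_error = None, False
        for name, lookup in self.checks:
            try:
                if lookup(ip):
                    verdict = name
                    break              # short circuit: skip the costlier services
            except Exception:
                had_error = True       # service unreachable: fall through to the next
        if verdict or not had_error:   # never cache a "clean" result built on a failure
            self._cache[ip] = (self.clock() + self.ttl, verdict)
        return verdict

    def render_form(self, ip: str) -> dict:
        """Form display: the CAPTCHA widget appears only for listed IPs."""
        return {"show_captcha": self.listed_by(ip) is not None}

    def process_signup(self, ip: str, captcha_passed: bool = False) -> str:
        """Form submit: repeat the test, since bots POST without fetching the form."""
        if self.listed_by(ip) is not None and not captcha_passed:
            return "captcha_required"
        return "send_confirmation"     # continue into the normal COI flow

def counting_lookup(listed: set, calls: list, name: str) -> Callable[[str], bool]:
    """Constructed stand-in for a real reputation query; records each call made."""
    def lookup(ip: str) -> bool:
        calls.append(name)
        return ip in listed
    return lookup
```

In production each lookup would wrap the real query for that service, and the `calls` list shows how many paid queries the ordering and the cache save.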