This document can be of use:
https://www.m3aawg.org/documents/en/maawg-vetting-best-common-practices-bcp

Also, you may want to look at e-hawk.net

On Wed, Oct 19, 2016 at 1:27 PM, Vick Khera <vi...@khera.org> wrote:

> On Wed, Oct 19, 2016 at 3:35 PM, Brett Schenker <bhschen...@gmail.com>
> wrote:
> > We're currently looking to implement a combination of preventions with
> the
> > leading idea being:
> > honeypot on sign up pages + IP intelligence + email address intelligence
> +
> > coi
> >
> > The idea being the honeypot will stop some bots, the IP monitoring will
> look
> > for numerous sign ups within a short periond of time (which we currently
> do
> > for credit cards) and then also look for email addresses being signed up
> > acorss clients in a short period of time.
>
> My thought on this is that *I* cannot detect the rate of signups as
> well as reputation services can. To this end, I use the following
> algorithm on our list signup forms. The beauty of it is that you
> really only get to see the CAPTCHA if you are a trouble maker.
> Normally you will never get presented with it, so it looks like
> business as usual to everyone else. I do this test both when
> displaying the form and when processing the form, because bots never
> fetch the form itself, and humans don't want to fail a captcha they
> never saw in the first place.
>
> 1) Is the remote IP listed in CBL? Yes -> force CAPTCHA
> 2) Is the remote IP listed in CleanTalk.org/blacklists?  Yes -> force
> CAPTCHA
> 3) Is the remote IP listed in minFraud open proxies? Yes -> force CAPTCHA
>
> Then proceed with the normal signup form, which in our case is always
> COI for all customers. I do the tests in the above order, and short
> circuit once I have a positive match. Each of the three services
> catches about ⅓ of the bad actors, amazingly enough. I do the queries
> in the order of cost to me, so as to minimize how much I have to
> spend. :-)  I also cache the results.
>
> A couple of my customers have asked for 100% CAPTCHA because they
> wanted a 100% block of the bots. This mechanism I use gets close to
> 75% of them based on my testing two months ago.
>
> If you're the lucky guy who is first hit when the bots get a new IP,
> you'll be out of luck. But, if you're lower down their list, then
> likely these guys will have detected that IP by the time they get to
> you. minFraud will even notify you if they subsequently detect bot
> activity on an IP you queried, which is nice sometimes to go back and
> clean up.
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to