On Tue, 26 Jul 2005 15:26:04 +0100, Peter Kerr
<we*******@sparesorrepair.co.uk.INVALID> wrote:
Spammers register on phpbb forums etc but they dont verify the signup by
clicking on the verification link in the welcome email as the spammers
use a bogus email address and dont receive the welcome email .
True, some of the time.
www.blah.com/?43543654365436
v.s.
www.blah.com
43543654365436
If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .
For now. It could also make things unnecessarily harder for nubies to
register for - it's a trade-off, but it's worth considering in certain
circumstances. It's effectively the same as getting your credit card
and PIN on separate days in separate envelopes.
As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .
Yes and it's also just a matter of time until they use a throw-away
e-mail account to collect both e-mail's and combine them.
Everything evolves (trolls excluded ;-) - including crackers' attempts
at bypassing "security" measures, so deal with the real/current issues
now and re-visit your solution as "security" measures as
spammers'/crackers' responses to them evolve in parallel.
--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@dsv1.co.uk
http://w3.z-add.co.uk/ -