By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,980 Members | 877 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,980 IT Pros & Developers. It's quick & easy.

Verification sign up links

P: n/a
SOR
Although this currently defeats the spam bots in some respects - isnt it
just a mater of time before the spammers figure out a way to verify a
signup via email using rotating disposable email addresses or whatever .

And if so , Would it not be a good idea to separate the url and signup
verification code in the welcome email *now* rather than doing a rewrite
later given that non geeks tend not to update any apps they install on
their webspace in case it stops working .
Jul 25 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
> And if so , Would it not be a good idea to separate the url and signup
verification code in the welcome email *now* rather than doing a rewrite
later given that non geeks tend not to update any apps they install on
their webspace in case it stops working .


Well you got my attention - but I don't follow - may have something to do
with the wine I have consumed...

could you expand on separating the url and signup verification code?

Thanks.

Michael
Jul 26 '05 #2

P: n/a
SOR
<comp.lang.php , Michael Phipps ,
gr********************@optusnet.com.au>
<42***********************@news.optusnet.com.au>
<Tue, 26 Jul 2005 22:10:49 +1000>
And if so , Would it not be a good idea to separate the url and signup
verification code in the welcome email *now* rather than doing a rewrite
later given that non geeks tend not to update any apps they install on
their webspace in case it stops working .


Well you got my attention - but I don't follow - may have something to do
with the wine I have consumed...

could you expand on separating the url and signup verification code?


Spammers register on phpbb forums etc but they dont verify the signup by
clicking on the verification link in the welcome email as the spammers
use a bogus email address and dont receive the welcome email .

www.blah.com/?43543654365436

www.blah.com

43543654365436

If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .

As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .

Jul 26 '05 #3

P: n/a
> If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .

As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .


OK- separating the url and code would be a slow down technique - but of
course, that's assuming the spammer uses an address that receives the email
(as you already pointed out)

By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.

Michael
Jul 26 '05 #4

P: n/a
SOR
<comp.lang.php , Michael Phipps ,
gr********************@optusnet.com.au>
<42***********************@news.optusnet.com.au>
<Wed, 27 Jul 2005 08:33:53 +1000>
OK- separating the url and code would be a slow down technique - but of
course, that's assuming the spammer uses an address that receives the email
(as you already pointed out)

By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.


Some servers dont have gd or imagemagic and cant use a image code .

Either way if there is a way to do it then rest assured the spammers
will find it or think of it .
Jul 26 '05 #5

P: n/a
On Tue, 26 Jul 2005 15:26:04 +0100, Peter Kerr
<we*******@sparesorrepair.co.uk.INVALID> wrote:
Spammers register on phpbb forums etc but they dont verify the signup by
clicking on the verification link in the welcome email as the spammers
use a bogus email address and dont receive the welcome email .
True, some of the time.
www.blah.com/?43543654365436
v.s.
www.blah.com 43543654365436 If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .
For now. It could also make things unnecessarily harder for nubies to
register for - it's a trade-off, but it's worth considering in certain
circumstances. It's effectively the same as getting your credit card
and PIN on separate days in separate envelopes.
As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .


Yes and it's also just a matter of time until they use a throw-away
e-mail account to collect both e-mail's and combine them.

Everything evolves (trolls excluded ;-) - including crackers' attempts
at bypassing "security" measures, so deal with the real/current issues
now and re-visit your solution as "security" measures as
spammers'/crackers' responses to them evolve in parallel.

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@dsv1.co.uk http://w3.z-add.co.uk/ -
Jul 27 '05 #6

P: n/a
On Wed, 27 Jul 2005 08:33:53 +1000, "Michael Phipps"
<gr********************@optusnet.com.au> wrote:
By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
That depends on the logs of the "ISP" that provides the throw away, or
trojaned, accounts that they are using :-(
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.


But, they are not trivial to implement in a manner that allows
disabled access - a legal requirement in many countries.

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@dsv1.co.uk http://w3.z-add.co.uk/ -
Jul 27 '05 #7

P: n/a
SOR
<comp.lang.php , Stuart Millington , ne**@dsv1.co.uk>
<hi********************************@4ax.com>
<Wed, 27 Jul 2005 01:11:53 +0100>
Everything evolves (trolls excluded ;-)


Then your obviously not very good at trolling & you should stick to what
you know .
Jul 27 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.