Verification sign up links

> And if so , Would it not be a good idea to separate the url and signup

verification code in the welcome email *now* rather than doing a rewrite
later given that non geeks tend not to update any apps they install on
their webspace in case it stops working .

Well you got my attention - but I don't follow - may have something to do
with the wine I have consumed...

could you expand on separating the url and signup verification code?

Thanks.

Michael

<comp.lang.php , Michael Phipps ,
gr********************@optusnet.com.au>
<42***********************@news.optusnet.com.au>
<Tue, 26 Jul 2005 22:10:49 +1000>

And if so , Would it not be a good idea to separate the url and signup
verification code in the welcome email *now* rather than doing a rewrite
later given that non geeks tend not to update any apps they install on
their webspace in case it stops working .

Well you got my attention - but I don't follow - may have something to do
with the wine I have consumed...

could you expand on separating the url and signup verification code?

Spammers register on phpbb forums etc but they dont verify the signup by
clicking on the verification link in the welcome email as the spammers
use a bogus email address and dont receive the welcome email .

www.blah.com/?43543654365436

www.blah.com

43543654365436

If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .

As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .

> If separated would this not make things a bit harder for the spammer

bots to verify the signup & then auto post spam to the forum .

As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .

OK- separating the url and code would be a slow down technique - but of
course, that's assuming the spammer uses an address that receives the email
(as you already pointed out)

By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.

Michael

<comp.lang.php , Michael Phipps ,
gr********************@optusnet.com.au>
<42***********************@news.optusnet.com.au>
<Wed, 27 Jul 2005 08:33:53 +1000>

OK- separating the url and code would be a slow down technique - but of
course, that's assuming the spammer uses an address that receives the email
(as you already pointed out)

By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.

Some servers dont have gd or imagemagic and cant use a image code .

Either way if there is a way to do it then rest assured the spammers
will find it or think of it .

On Tue, 26 Jul 2005 15:26:04 +0100, Peter Kerr
<we*******@sparesorrepair.co.uk.INVALID> wrote:

Spammers register on phpbb forums etc but they dont verify the signup by
clicking on the verification link in the welcome email as the spammers
use a bogus email address and dont receive the welcome email .
True, some of the time.
www.blah.com/?43543654365436
v.s.
www.blah.com 43543654365436 If separated would this not make things a bit harder for the spammer
bots to verify the signup & then auto post spam to the forum .
For now. It could also make things unnecessarily harder for nubies to
register for - it's a trade-off, but it's worth considering in certain
circumstances. It's effectively the same as getting your credit card
and PIN on separate days in separate envelopes.
As spamming methods evolve like everything else - isnt just a matter of
time the spammers figure out a way to receive the welcome email and
verify the signup .

Yes and it's also just a matter of time until they use a throw-away
e-mail account to collect both e-mail's and combine them.

Everything evolves (trolls excluded ;-) - including crackers' attempts
at bypassing "security" measures, so deal with the real/current issues
now and re-visit your solution as "security" measures as
spammers'/crackers' responses to them evolve in parallel.

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@dsv1.co.uk http://w3.z-add.co.uk/ -

On Wed, 27 Jul 2005 08:33:53 +1000, "Michael Phipps"
<gr********************@optusnet.com.au> wrote:

By having a real mail box that the spam script uses to receive and validate
welcome emails, isn't the spammer easier to track down and shutdown? I
That depends on the logs of the "ISP" that provides the throw away, or
trojaned, accounts that they are using :-(
think those "type the letters in the above graphic" systems are a more
effective method to prevent automatic sign up, and they aren't too difficult
to implement.

But, they are not trivial to implement in a manner that allows
disabled access - a legal requirement in many countries.

--
------------------------------------------------------------------
- Stuart Millington ALL HTML e-mail rejected -
- mailto:ph***@dsv1.co.uk http://w3.z-add.co.uk/ -

<comp.lang.php , Stuart Millington , ne**@dsv1.co.uk>
<hi********************************@4ax.com>
<Wed, 27 Jul 2005 01:11:53 +0100>

Everything evolves (trolls excluded ;-)

Then your obviously not very good at trolling & you should stick to what
you know .