View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008219||phpList 3 application||Subscribe Process||public||12-10-06 01:21||21-06-18 13:01|
|Target Version||Fixed in Version|
|Summary||0008219: spam prevention, by using a traplist|
|Description||Spammers that have scripts to automatically subscribe tick every available list, so adding a Traplist would catch them. |
See also http://forums.phplist.com/viewtopic.php?p=22779
A link to an article on alternate strategies for spam prevention was posted by clee991 ( http://forums.phplist.com/viewtopic.php?p=24063#24063 ). This is an interesting part of that article:
Sure, in particular after I write this article, attackers may catch on. But there are many ways to mark a form field as "invisible". You can randomize the names of your form fields to further confuse them. In short: you again increased the workload on the spammer without affecting the regular user. For a sample, just take a look at our contact form. We received only about 3 or 4 pieces of spam after implementing this last week. Usually we received dozens of pieces of spam a day.
All modern browsers do support style sheets, and for those that don't you can leave a little note in the form telling them whats going on. The fact that still some spam makes it past this method suggests that there is some manual spamming going on. But its minimal... and sure, lets have them hire armies of spaminators to have them submit these forms. Either way you succeeded in making spam more expensive and shifting the economics against it."
what a fantastic idea. One of those "why didn't I think of that first".
One to add for sure.
USE_SPAM_BLOCK implements the hidden field and has been there for some time now. Would be interesting to know how effective it is though.
The spam trap list is still an idea. Also, there are now subscription based services for this, like Mollom and Akismet. Next step would be to use http://www.phplist.com/formspamclass and add configuration of it.