On Sat, Apr 28, 2007 at 12:21:12AM -0400, Stuart D. Gathman wrote:
Your way: you get a bogus bounce for each e-card sent by the meanie.
Which is rate limited, fine, but still is more than one with relatively
little effort.
Alex's way: you get a bogus bounce for each time the meanie enters
your email to create an account.
Not just an email address. See cookie #1. More effort and less result.
There's only one mail per malicious subscription. There's more than one
bounce if that same person can send ten e-cards.
(BTW it's not a bounce, it is a message which is sent in "my way")
In both cases, you already limit the number of times they can do that by IP.
I don't see the advantage to requiring accounts, Alex.
* General principle: know who is using your service. In this case,
knowing the (verified) email address is good enough.
* One mail (per try) instead of more than one bounce (per email
address, IP address)
* Sending unsolicited mail is bad, but the following example at least
sucks less than a misdirected bounce:
"
Someone, presumably you, asked us to send this invite. The request came
from $IP_ADDRESS ($RDNS). If this is not you, please accept our apologies
and please complain to their ISP.
If you reply to this message, leave the subject int... yadda yadda yadda
"
I'm sure I can think of more if I really try.
cheers
alex
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/