On Sun, May 06, 2001 at 11:41:12PM -0500, George Waring wrote:
In my opinion, this is the easiest course of action. Unfortunately, I'm on a couple of lists that see spam in spite of this rule being in effect. Spammers will subscribe, spam, then unsubscribe all in the space of time that it takes to run their nasty little script.
There are a couple of measures to try to defeat this kind of five minute subscriber.
The first and easiest is to make subscription into a two step process. The potential subscriber e-mails the list server (or fills in a web form) and this results in a confirmation token (something based on a random or pseudo random number) being mailed to the subscription address. Only when an e-mail is received by the list server from the subscription address quoting the correct token is the address actually subscribed.
The above scheme primarily protects users from being subscribed malliciously by others, but it has the side effect of complicating the process or spamming the list to the point that most spammers hopefully wont bother.
If too many of them _do_ bother then the second option is to require subscription requests be approved.
Steve.