top | item 21327731

(no title)

zawerf | 6 years ago

CAPTCHA isn't just a matter of protecting your site. One of the most evil attacks nowadays is "Distributed Spam Distraction", where you spam your victim with thousands of emails per second so an important email (e.g., fraudulent purchases) gets lost in the noise.

How do you do this in a world with decent spam filters? By using the victim's email to sign up for real services so they get hit with a welcome email. Because these are real services, spam filter won't catch it. This can only be done with services that have sign up forms that are easily automated.

The most evil thing here is your email is crippled even after the attack is over because these real companies will keep sending you newsletter and it's impossible to unsubscribe to them all.

discuss

jazoom|6 years ago

You've just reminded me I really need to use unique email addresses for each service.

ryankrage77|6 years ago

If you use gmail, you can add a + followed by anything and it goes to the same mailbox.

For example, if signing up to drop, I might use myemail+drop@gmail.com

Makes it very easy to see which services are selling the address you provide to advertisers