From a84c03aaa616d8e3de75d581954d8af45afe6464 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 3 Jun 2018 10:43:05 +0200 Subject: [PATCH] actually Mailan 2.1.26 supports reCAPTCHA --- .../2018-06-02-mailman-subscription-spam.md | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/personal/_posts/2018-06-02-mailman-subscription-spam.md b/personal/_posts/2018-06-02-mailman-subscription-spam.md index 237153c..3c29d1f 100644 --- a/personal/_posts/2018-06-02-mailman-subscription-spam.md +++ b/personal/_posts/2018-06-02-mailman-subscription-spam.md @@ -20,14 +20,17 @@ spam. So, more than enough reasons to try and stop this. ### The Big Guns My first reaction was to go and look for a way to add a CAPTCHA to the -subscription page. Unfortunately, Mailman itself does not support a CAPTCHA (at -least not Mailman 2), and the existing patches I found were all about adding -support for Google's reCAPTCHA. I am not going to expose my users to Google's -tracking like that, nor am I willing to actively discriminate against people not -having Google accounts (reCAPTCHA is much more annoying if Google can't track -you because you are not logged in), so reCAPTCHA was clearly not an option. -Instead, the plan was to look at one of these patches and implement a simple -question-and-answer CAPTCHA myself. +subscription page. Unfortunately, Mailman 2 itself only very recently (with +version 2.1.26) gained support for CAPTCHAs, and even that just supports +Google's reCAPTCHA. I am not going to expose my users to Google's tracking like +that, nor am I willing to actively discriminate against people not having Google +accounts (reCAPTCHA is much more annoying if Google can't track you because you +are not logged in), so reCAPTCHA was clearly not an option. Instead, the plan +was to look at one of the patches that add CAPTCHA support to older versions of +Mailman and implement a simple question-and-answer CAPTCHA myself. + +**Update:** I previously claimed Mailman 2 does not support CAPTCHAs at all, + which turned out to be incorrect. **/Update** ### Keep It Simple @@ -53,7 +56,5 @@ with a recent enough version (if you use backports on Debian 7 "Wheezy"). The more people do this, the more it will help to stop this kind of spam. Or rather, it'll force the spammers to upgrade their game. I assume eventually I *will* have to add a CAPTCHA. Or maybe there is a simple and reliable way to -migrate to Mailman 3 before that happens---and maybe that will have a CAPTCHA. -(Though, from a quick search, it doesn't seem like it does, which I find pretty -surprising. If my tiny servers are abused like this, I assume it's a really -common problem and Mailman should protect against it per default.) +migrate to Mailman 3 before that happens---and maybe that will have more +reasonable CAPTCHA options, something beyond just reCAPTCHA. -- 2.30.2