List: webappsec
Subject: Re: Suggestion: email anti-spoof measure on web site
From: Georgi Alexandrov <georgi.alexandrov () gmail ! com>
Date: 2006-01-23 10:56:06
Message-ID: 43D4B646.6040301 () gmail ! com
mike@sharecube.com wrote:
> These forms, like tell-a-friend are tremendously useful for a business.
> They allow two or more parties to notify each other of the company's
> products.
> The preferred answer (from my point of view) is that several email
> throttle techniques be recommended/required: only permit a few emails
> within a time span of five or ten minutes. If a site normally only sees
> one or two consumer uses of this form per hour, suddenly having 300
> emails is a sure indicator that they are being exploited. A limit of
> 10 emails / 5 minutes and a limit of 20 / hour are reasonable.
>
And you can always add an eye verification system to those limits ;-)
--
regards,
Georgi Alexandrov
Key Server = http://pgp.mit.edu/ :: KeyID = 37B4B3EE
Key Fingerprint = E429 BF93 FA67 44E9 B7D4 F89E F990 01C1 37B4 B3EE
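
The throttle limits quoted in this message (10 emails / 5 minutes and 20 / hour), sketched as a sliding-window check. This is an added example, not code from the thread; the class name, the `key` argument and the injectable clock are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Limits quoted in the thread: 10 emails / 5 minutes and 20 emails / hour.
LIMITS = ((300, 10), (3600, 20))  # (window in seconds, max accepted sends)


class FormMailThrottle:
    """Sliding-window throttle for a tell-a-friend style form.

    `key` is a hypothetical grouping chosen by the caller: "site" for a
    site-wide cap as in the thread, or a client IP / session id to cap
    each sender separately.
    """

    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self.limits = limits
        self.clock = clock  # injectable so the limiter can be tested
        self.horizon = max(window for window, _ in limits)
        self.sent = defaultdict(deque)  # key -> timestamps of accepted sends

    def allow(self, key="site"):
        """Return True and record the send only if it fits every window."""
        now = self.clock()
        stamps = self.sent[key]
        # Forget sends that are older than the longest window.
        while stamps and now - stamps[0] >= self.horizon:
            stamps.popleft()
        for window, max_sends in self.limits:
            recent = sum(1 for t in stamps if now - t < window)
            if recent >= max_sends:
                return False  # rejected attempts do not extend the lockout
        stamps.append(now)
        return True
```

A rejected call is the point at which the form would refuse to send and the site could log the event, since a run of rejections is the burst the quoted message describes as a sign of exploitation.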