List:       webappsec
Subject:    Re: Suggestion: email anti-spoof measure on web site
From:       Georgi Alexandrov <georgi.alexandrov () gmail ! com>
Date:       2006-01-23 10:56:06
Message-ID: 43D4B646.6040301 () gmail ! com


mike@sharecube.com wrote:

> These forms, like tell-a-friend, are tremendously useful for a business. They allow
> two or more parties to notify each other of the company's products.
> The preferred answer (from my point of view) is that several email throttle
> techniques be recommended/required: only permit a few emails within a time span of
> five or ten minutes. If a site normally only sees one or two consumer uses of this
> form per hour, suddenly having 300 emails is a sure indicator that they are being
> exploited. A limit of 10 emails / 5 minutes and a limit of 20 / hour are
> reasonable.
>
And you can always add an eye verification system to those limits ;-)

-- 
regards,
Georgi Alexandrov

Key Server = http://pgp.mit.edu/ :: KeyID = 37B4B3EE
Key Fingerprint = E429 BF93 FA67 44E9 B7D4  F89E F990 01C1 37B4 B3EE
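
Added example, not part of the original message or of either poster's code: a sliding-window throttle that enforces both limits quoted above (10 emails / 5 minutes and 20 / hour) at once. The class and function names, the throttle key, and the replayed timestamps are assumptions constructed for illustration; whether to key on the form as a whole or on each client is a deployment choice the thread does not settle.

```python
import time
from collections import defaultdict, deque

# Limits quoted in the message: 10 emails / 5 minutes and 20 emails / hour.
LIMITS = ((10, 5 * 60), (20, 60 * 60))  # (max sends, window in seconds)


class SendThrottle:
    """Sliding-window throttle; every configured window must have room."""

    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self.limits = limits
        self.clock = clock
        self.longest = max(window for _, window in limits)
        self.sent = defaultdict(deque)  # key -> timestamps of accepted sends

    def allow(self, key):
        """Return True and record the send if `key` is under every limit."""
        now = self.clock()
        stamps = self.sent[key]
        # Forget sends older than the longest window.
        while stamps and now - stamps[0] >= self.longest:
            stamps.popleft()
        for max_sends, window in self.limits:
            recent = sum(1 for t in stamps if now - t < window)
            if recent >= max_sends:
                return False  # rejected attempts are not recorded
        stamps.append(now)
        return True


def simulate(attempt_times, key="form:tell-a-friend"):
    """Replay constructed attempt timestamps (seconds); return accepted count."""
    current = [0.0]
    throttle = SendThrottle(clock=lambda: current[0])
    accepted = 0
    for t in attempt_times:
        current[0] = t
        accepted += throttle.allow(key)
    return accepted


if __name__ == "__main__":
    burst = [i * 0.5 for i in range(300)]   # constructed: 300 attempts in 150 s
    normal = [i * 1800 for i in range(6)]   # constructed: one attempt per 30 min
    print(simulate(burst), simulate(normal))
```

Of the 300-attempt burst only the first 10 sends are accepted, while the one-per-half-hour traffic is never throttled; a steady trickle that stays under the 5-minute limit is still stopped by the hourly limit.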

