Originally posted by OneTimeShot
View Post
Announcement
Collapse
No announcement yet.
The Increasing Problem Of FOSS Mailing List Flooding Attacks
Collapse
X
-
Last edited by biergaizi; 11 May 2015, 03:51 AM.
-
Originally posted by OneTimeShot View Post
See my previous post. Modern email has protection against this (DNS based authentication).
Comment
-
Originally posted by biergaizi View Post
Another issue is that it was very common for FOSS developers to use a forwarding-only mail address (@gnu.org, @fedoraproject.org, etc) to receive mails, and let another mail server/provider to send mails, and calm mails are from that address. Strict DNS checks break people's workflow by preventing people to do it.
None of the stuff you describe works any more, because as you say it's open to abuse.
Comment
-
Originally posted by Luke View PostAn additional problem with reCaptcha is this: When connecting to a site via Tor, you get unsolvable foreign language CAPTCHA's that usually cannot be solved by directly figuring out the distorted characters without reference to the rest of the text, which is in a language you cannot read. Whenever I encounter a foreign language reCAPTCHA on a site I must connect to with Tor, I consider the site broken beyond use, close the window, and do not return. I do not tolerate reCAPTCHA's use on any website I control.
Comment
-
Originally posted by OneTimeShot View Post
Seriously, go and read RFC 7208. In order to act as a mail-server for a domain (and have your mail received by people who use gmail or anything), your outgoing mail-server *must* be identified in the domain's TXT record. Then you need to have a certificate as well (although that's a little less critical). If you forget to do this, not only will nothing you send ever arrive, but your domain will get permanently blacklisted within a couple of days.
Comment
-
Originally posted by toyotabedzrock View PostI would suggest you move away from mailing lists. It has always perplexed me why such an inefficient system is used. The system is great for bots and bad for end users.
I'd say its due to a combination of network effects and the need for a completely decentralized system, not to mention the desire to allow developers to use whatever tools they prefer. I've found the easiest way to consume them is with an NTP client and Gmane, which is itself a recognition that the current design could use some work.
I don't think we're going to see anyone moving away from them until a suitable alternative exists. My personal suspicion is that it will involve a replacement for (or extension to) Git which not only decentralizes the source code, but also the associated issue tracking, discussions, etc. (Think Github/Bitbucket, but completely decentralized and with threaded conversations.)
Comment
Comment