How not to turn your application into a spam relay
Spammers have started abusing other applications to send their spam. It works like this:
- The application has some form that allows sending e-mails to arbitrary users. This can be something like a newsletter sign-up with a double opt-in, a registration confirmation e-mail (or even a password reset e-mail), or something similar.
- The e-mail also includes some reflected text. For example, a user may be able to give their name, and the name is used within the e-mail. The spammer will then abuse that text to include his advertisement.
Potential counter measures are:
- Add a captcha.
- Rate limit the sign-up or password-reset.
- Do not reflect arbitrary text.
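The last two counter measures, sketched in plain Ruby as an added example (not code from the original card). `safe_greeting`, `MailRateLimiter` and `confirmation_mail` are hypothetical names, and the in-memory hash is an assumption that stands in for a shared store in a multi-process deployment.

```ruby
# Added example, not from the original card. All names are hypothetical.

# A reflected name may only contain letters, combining marks, spaces,
# apostrophes and hyphens (max. 40 characters). Dots, slashes, colons,
# digits and line breaks are excluded, so URLs and ad copy do not fit.
SAFE_NAME = /\A[\p{L}\p{M}][\p{L}\p{M} '\-]{0,39}\z/

def safe_greeting(name)
  candidate = name.to_s.strip
  # Fall back to a generic greeting instead of reflecting suspicious text.
  return "Hello," unless candidate.match?(SAFE_NAME)
  "Hello #{candidate},"
end

# Sliding-window limiter. A mail is only allowed if every key
# (e.g. recipient address and client IP) is still below the limit.
class MailRateLimiter
  def initialize(limit:, window:)
    @limit = limit    # allowed mails per key within the window
    @window = window  # window length in seconds
    @events = Hash.new { |hash, key| hash[key] = [] }
  end

  def allow?(*keys, now: Time.now)
    keys = keys.map { |key| key.to_s.strip.downcase }
    # Forget attempts that have left the window.
    keys.each { |key| @events[key].reject! { |time| time <= now - @window } }
    return false if keys.any? { |key| @events[key].size >= @limit }
    keys.each { |key| @events[key] << now }
    true
  end
end

# Returns the mail body, or nil if the request must not trigger a mail.
def confirmation_mail(limiter, recipient:, name:, client_ip:, now: Time.now)
  return nil unless limiter.allow?("to:#{recipient}", "ip:#{client_ip}", now: now)
  "#{safe_greeting(name)}\n\nPlease confirm your newsletter subscription."
end
```

Names that fail the pattern (including legitimate ones such as "Dr. Smith") get the generic greeting, so the sign-up still works but nothing user-controlled reaches the recipient.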
Posted by Tobias Kraze to makandra dev (2019-01-21 09:14)