How not to turn your application into a spam relay

Tobias Kraze, software engineer at makandra GmbH
January 21, 2019

Spammers have started abusing other people's applications to send their spam. The attack works like this:

  • The application has some form that sends an e-mail to an arbitrary address the visitor types in. This can be a newsletter sign-up with double opt-in, a registration confirmation e-mail (or even a password-reset e-mail), or something similar. The application happily sends it, because sending mail to an unverified address is the whole point of such a form.
  • The e-mail also reflects some text the visitor supplied. For example, a user may be able to enter their name, and that name is then used inside the e-mail. The spammer puts their advertisement (or a link) into that field, and the application delivers it from your domain, with your sender reputation, to whoever the spammer chose as the recipient.

Potential countermeasures are:

  • Add a captcha to the form.
  • Rate-limit sign-ups and password resets, both per client IP and per target e-mail address.
  • Do not reflect arbitrary text. Restrict reflected fields like a name to a short, plausible character set (letters, spaces, a few punctuation marks), and fall back to a neutral greeting instead of echoing input that fails the check. Never reflect free-form text or URLs into a mail that goes to an unverified address.
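The following is an added example and not code from the original post or from makandra: it shows the last two countermeasures in plain Ruby, with no Rails dependency, so it can be dropped into a mailer or a sign-up controller. The module name `SpamRelayDefense`, the `NAME_PATTERN` allow-list and the `RateLimiter` class are all assumptions made for this illustration. The rate limiter keeps a sliding window per key (a client IP or a target address) in memory; a real deployment would back it with Redis or similar so that it works across processes.

```ruby
# Added example (not from the original post): harden a mail that reflects
# user input and rate-limit the form that triggers it.

module SpamRelayDefense
  # Allow-list for a name that gets reflected into an e-mail body.
  # Letters (Unicode), spaces, dots, apostrophes and hyphens only;
  # URLs, line breaks and markup cannot pass. Name and limits are assumptions.
  NAME_PATTERN = /\A[[:alpha:] .'\-]{1,60}\z/

  # Returns the normalised name if it is safe to reflect, otherwise nil.
  def self.safe_display_name(name)
    return nil if name.nil?
    candidate = name.to_s.strip.squeeze(' ')
    return nil unless candidate.match?(NAME_PATTERN)
    candidate
  end

  # Greeting line for the mail. On rejected input we fall back to a neutral
  # greeting instead of echoing the raw field, so spam never reaches the body.
  def self.greeting(name)
    safe = safe_display_name(name)
    safe ? "Hello #{safe}," : 'Hello,'
  end

  # Sliding-window rate limiter: at most +limit+ events per +window+ seconds
  # for a given key (client IP, target address, ...). The clock is injectable
  # so the behaviour can be tested deterministically.
  class RateLimiter
    def initialize(limit:, window:, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
      @limit = limit
      @window = window
      @clock = clock
      @events = Hash.new { |h, k| h[k] = [] }
    end

    # Returns true and records the event if the key is still under the limit.
    def allow?(key)
      now = @clock.call
      stamps = @events[key]
      stamps.reject! { |t| t <= now - @window }   # drop events outside the window
      return false if stamps.size >= @limit
      stamps << now
      true
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a legitimate name and a spam payload.
  puts SpamRelayDefense.greeting("Anna O'Neil")
  puts SpamRelayDefense.greeting('Buy cheap pills at http://example.com')

  limiter = SpamRelayDefense::RateLimiter.new(limit: 3, window: 3600)
  4.times { |i| puts "request #{i + 1}: #{limiter.allow?('203.0.113.5')}" }
end
```

In a Rails app the same check would go into the mailer (call `greeting` instead of interpolating `params[:name]`) and the limiter into a `before_action` on the sign-up and password-reset actions, keyed on both `request.remote_ip` and the submitted e-mail address, so that one spammer cannot spray a single victim from many IPs either.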
Posted by Tobias Kraze to makandra dev (2019-01-21 09:14)