CAPTCHA's are hackable too, it just adds 3 to 10 times the effort, and
spammer/hackers are certainly doing this as they have been hacking
Gmail, Yahoo, Hotmail and AOL accounts by the thousands. In a count
just 2 months ago, 20% of the mail my system received from their servers
(excludes forgeries) was from accounts the spammers created using
scripts to create them.
I don't know why spammers are going after webmail specifically when it
would seem much easier to go after SMTP/POP3/IMAP. Makes me think that
these may be the same kinds that go after the big names, and they may
very well have the OCR capability already.
Matt
Sanford Whiteman wrote:
You can't CAPTCHA a SMTP AUTH session however. There's plenty of
account hacking going on straight through SMTP and POP3 (and maybe
IMAP also).
Certainly agreed, but allowing a user to access webmail w/CAPTCHA when
you have been forced to lock them out from every other type of
authentication will keep more users happy (not just those that "fail
over" to use webmail on their own, but those that can be steered there
after a phone call to unlock their account).
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/
Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/
To Unsubscribe: http://imailserver.com/support/discussion_list/
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://imailserver.com/support/kb.html
