Jump to:
| Project: | Watcher |
| Version: | 6.x-1.0 |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
As of 1.0, Watcher sends an email for a new anonymous subscription, letting the owner of that address know that a notification has been set up and giving directions for turning it off. That's a good start, but it still leaves a big opening for spammers, who can subscribe a bunch of addresses and then post comments which will get sent to those addresses.
Yes, the recipients can turn it off, assuming they can figure out what's going on. It would be better if Watcher would require an email confirmation before it started sending notifications. That is, the anonymous subscriber would actually have to respond to the email, just like the new user email confirmation process.
Running captcha and mollom will catch a lot of the spam, but I'm still nervous about leaving this open on my site.
Comments
#1
It's a risk I've weighed and considered and in this particular case I decided that ease of use was more important than totally spam-proof confirmation. Like you said, CAPTCHA and Mollom catch a lot.
If you can't block spam you got a bigger problem at hand than worrying about notifications being sent.
If you want to prevent spambots from accessing your site, Bad Behavior is a useful tool:
http://drupal.org/project/badbehavior
#2