WebApp Sec mailing list archives
Re: Suggestion: email anti-spoof measure on web site
From: Georgi Alexandrov <georgi.alexandrov () gmail com>
Date: Mon, 23 Jan 2006 12:56:06 +0200
mike () sharecube com wrote:
These forms, like tell-a-friend are tremendously useful for a business. They allow two or more parties to notify each other of the company's products. The preferred answer (from my point of view) is that several email throttle techniques be recommended/required: only permit a few emails within a time span of five or ten minutes. If a site normally only sees one or two consumer uses of this form per hour, suddenly having 300 emails is a sure indicator that they are being exploited. A limit of 10 emails / 5 minutes and a limit of 20 / hour are reasonable.
And you can always add eye verification system to those limits ;-) -- regards, Georgi Alexandrov Key Server = http://pgp.mit.edu/ :: KeyID = 37B4B3EE Key Fingerprint = E429 BF93 FA67 44E9 B7D4 F89E F990 01C1 37B4 B3EE
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Suggestion: email anti-spoof measure on web site ma . huijuan (Jan 18)
- <Possible follow-ups>
- Re: Suggestion: email anti-spoof measure on web site mike (Jan 19)
- Re: Suggestion: email anti-spoof measure on web site Georgi Alexandrov (Jan 23)
- Re: Re: Suggestion: email anti-spoof measure on web site ma . huijuan (Jan 19)
- Re: Re: Re: Suggestion: email anti-spoof measure on web site mike (Jan 20)