←back to thread

405 points blindgeek | 8 comments | | HN request time: 1.987s | source | bottom
Show context
isodev ◴[] No.42172859[source]
Why are captchas even a thing still? If folks want to scrape something or build an automation around something, then why not let them do it? They still have to respect the system they're logging in. Not to mention the privacy perk of not exposing your visitors to some captcha service with a dozen or more data subprocessors.
replies(7): >>42172909 #>>42172918 #>>42172983 #>>42173046 #>>42173133 #>>42173317 #>>42173643 #
1. stanmancan ◴[] No.42172918[source]
I had to add a captcha to a registration page a couple years ago. Bots were signing up for thousands of fake accounts with other people’s email addresses. The email confirmation we sent would then get reported as spam since the recipient didn’t sign up for our service. Our email provider suspended our account for high spam reports.
replies(2): >>42173176 #>>42174348 #
2. Spivak ◴[] No.42173176[source]
I hope the other lesson was the good email verification hygiene of making the user take an affirmative action and click a "verify email" button rather then send it unsolicited.

You essentially had an open public unauthed form that would send an email to any address you typed in it. Surely that alone raises some eyebrows.

replies(3): >>42173445 #>>42173597 #>>42175621 #
3. toast0 ◴[] No.42173445[source]
How do you authenticate a verify email button?
replies(1): >>42173553 #
4. klez ◴[] No.42173553{3}[source]
It took me a while to understand what GP was trying to say, but I suppose they're thinking of one of those sites where they let you create an account, will let you in and then nag you for a while about "verifying your email address" by clicking a link that will actually send you an email. An unsophisticated spambot won't probably care enough to click through that.
5. binarycoffee ◴[] No.42173597[source]
Not a solution. Verification emails alone got a small web site I set up to be blacklisted within days. Most of the unwilling recipients presumably couldn't understand the language the verification email was written in and reported it as spam.
6. reginald78 ◴[] No.42174348[source]
What's is the play by the spammers here? Is it a direct attack on your website, perhaps because they were competitors? Or are they hoping that 1% of spammed email addresses will accidentally verify their email?
replies(1): >>42175635 #
7. stanmancan ◴[] No.42175621[source]
How would adding an extra button change anything? Right now when they register we send a “verify email address” email. Adding an extra step of “click a button” makes no meaningful difference.
8. stanmancan ◴[] No.42175635[source]
No clue to be honest; I just added a captcha and moved on with life. It’s a small side project so it wasn’t worth investing.