←back to thread

408 points blindgeek | 1 comments | | HN request time: 0.386s | source
Show context
isodev ◴[] No.42172859[source]
Why are captchas even a thing still? If folks want to scrape something or build an automation around something, then why not let them do it? They still have to respect the system they're logging in. Not to mention the privacy perk of not exposing your visitors to some captcha service with a dozen or more data subprocessors.
replies(7): >>42172909 #>>42172918 #>>42172983 #>>42173046 #>>42173133 #>>42173317 #>>42173643 #
stanmancan ◴[] No.42172918[source]
I had to add a captcha to a registration page a couple years ago. Bots were signing up for thousands of fake accounts with other people’s email addresses. The email confirmation we sent would then get reported as spam since the recipient didn’t sign up for our service. Our email provider suspended our account for high spam reports.
replies(2): >>42173176 #>>42174348 #
Spivak ◴[] No.42173176[source]
I hope the other lesson was the good email verification hygiene of making the user take an affirmative action and click a "verify email" button rather then send it unsolicited.

You essentially had an open public unauthed form that would send an email to any address you typed in it. Surely that alone raises some eyebrows.

replies(3): >>42173445 #>>42173597 #>>42175621 #
1. binarycoffee ◴[] No.42173597[source]
Not a solution. Verification emails alone got a small web site I set up to be blacklisted within days. Most of the unwilling recipients presumably couldn't understand the language the verification email was written in and reported it as spam.