[development] Captcha module and Firefox (was: Possible DDoS attack on Drupal user creation)

Khalid B kb at 2bits.com
Fri Feb 10 16:25:45 UTC 2006

> Captcha is bad. Evil. ;)
>  http://drupal.org/node/46666 is a faaaar better approach. (imo). It validated
> the email first over SMTP on the remote server, and then reports back.

While this is an improvement, please note that it is not fool proof either.

My feedback module has an option to validate the email addresses using
this same approach (contact MX server for the domain supplied, send the
user ID, get back a response, ...etc).

I had to turn this off on my sites, since a lot of people would not be validated
correctly on it (if I remember correctly, it was MSN and AOL or something
like that).

So, just beware that this is not a 100% solution either, despite being better
than captcha.

More information about the development mailing list