Educause Security Discussion
mailing list archives
Re: Form spam
From: Marty Hoag <marty.hoag () NDSU EDU>
Date: Thu, 15 Feb 2007 14:50:59 -0600
Aha. I recalled the SANS ISC Diary that Brian
mentioned but couldn't find it until this note
reminded me that it contained a reference to
captcha... ;-) It's at
They had a rather interesting approach...
H. Morrow Long wrote:
You could use a captcha -- and (or combine it)
with a username and password to restrict
automated form spam.
- H. Morrow Long, CISSP, CISM, CEH
University Information Security Officer
Director -- Information Security Office
Yale University, ITS
On Feb 15, 2007, at 2:16 PM, Brian Smith-Sweeney wrote:
David Dean wrote:
Does anyone do anything about form spam? We have application level
processes in place but we don't report this the way, say, email spam is
reported and track, and sometimes prosecuted. I ask because we're
getting more and more. It seems to be the cool new outlet for
frustrated email spammers.
The ISC at SANS did something on this a while back, because they were
getting bombarded; I don't know if they're tracking/reporting this stuff
or not. Unfortunately I couldn't find the diary entry where they
discussed this but I know they've got something in place.
Brian Smith-Sweeney Sr. Network Security Analyst
ITS Technology Security Services, New York University
bsmithsweeney () nyu edu <mailto:bsmithsweeney () nyu edu>