Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: Suggestion: email anti-spoof measure on web site

Re: Suggestion: email anti-spoof measure on web site

From: Georgi Alexandrov <georgi.alexandrov_at_gmail.com>
Date: Mon, 23 Jan 2006 12:56:06 +0200

mike_at_sharecube.com wrote:

>These forms, like tell-a-friend are tremendously useful for a business. They allow two or more parties to notify each other of the company's products.
>
>The preferred answer (from my point of view) is that several email throttle techniques be recommended/required: only permit a few emails within a time span of five or ten minutes. If a site normally only sees one or two consumer uses of this form per hour, suddenly having 300 emails is a sure indicator that they are being exploited. A limit of 10 emails / 5 minutes and a limit of 20 / hour are reasonable.
>
>
And you can always add eye verification system to those limits ;-) 

-- 
regards,
Georgi Alexandrov
Key Server = http://pgp.mit.edu/ :: KeyID = 37B4B3EE
Key Fingerprint = E429 BF93 FA67 44E9 B7D4  F89E F990 01C1 37B4 B3EE

Received on Jan 23 2006
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]