Re: Rate Limiting in Dada Mail

 
From: "Yehuda Katz yehuda+dada@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED>
In-Reply-To: (no subject)
Date: June 14th 2016
Ten requests in a minute should definitely be enough - as long as it isn't counting assets, only main page access.
My only currently running Dada instance is 5.1.1 and it looks like that does load the assets through the cgi.

Rather than rate limiting, maybe something like what MailChimp does could work. They have a hidden field on the form that a bot would be likely to try to fill in, but a real person would never see. If there is anything in the field, the submission is rejected.

    <!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
    <div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_c6328be632aa12646e725350f_a7f0e92756" tabindex="-1" value=""></div>

- Y

On Mon, Jun 13, 2016 at 5:15 PM, Justin J justin@PROTECTED [Dada Mail Developers] <dadadev@PROTECTED> wrote:

I'm getting a lot of reports of people having their Dada Mail installs slammed with requests on subscription forms, basically from bots trying to do… something with the form (probably badly informed).

One option to stop this is putting a CAPTCHA on this form, which I'm slightly opposed to, since it adds yet another step between a person who's not subscribed to your list, and one that is.

Rather, I've been experimenting with rate limiting, so only a number of requests are allowed in a certain amount of time. Luckily, the framework Dada Mail is based on has a rate limiting plugin, and it seems to work well. I may put out a beta for those who are experiencing this problem, to give it a try.

The rate limiting is easy to implement for any number of functions in Dada Mail. So, we can put a limit on attempts on subscribing, attempts on logging in, Forwarding a Friend emails - so on and so forth.

The rate limiting could be used in conjunction with other options available to prevent abuse, which is nice! So, if it doesn't seem to help enough, we haven't caused more complications that need to be undone.

Here's my work, currently:

        https://github.com/justingit/dada-mail/tree/features-CGI_App_Plugin_RateLimit

Here's the plugin I'm currently experimenting with:

        https://metacpan.org/pod/CGI::Application::Plugin::RateLimit

Any opinions on what type of limit should be made the default? 10 requests in a minute's time? Something else?

--

Justin J: Lead Dadaist.
url:         http://dadamailproject.com
email:    justin@PROTECTED
twitter:  @dadamail
skype:   leaddadaist

Dada Mail Announcements:
http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/
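As an added example, not code from Dada Mail or from the CGI::Application::Plugin::RateLimit plugin, here is a small Python model of the two ideas raised in this thread: a per-client sliding window that allows ten subscription-form requests per minute and does not count asset fetches served through the CGI, combined with the MailChimp-style hidden-field rejection from the reply above. The honeypot field name, the asset path pattern, the IP addresses and the request paths are constructed for the example.

```python
import re
import time
from collections import defaultdict, deque

# Limit proposed in the thread: 10 requests per minute.
MAX_REQUESTS = 10
WINDOW_SECONDS = 60

# Static assets served through the CGI are excluded from the count, so one
# page load plus its CSS/JS/images cannot exhaust the budget on its own.
# The extension list is an assumption for this example.
ASSET_RE = re.compile(r"\.(css|js|png|jpe?g|gif|ico|woff2?)$", re.IGNORECASE)

# Hypothetical honeypot field name (hidden from people via CSS, visible to bots).
HONEYPOT_FIELD = "b_example_honeypot"


def is_asset_request(path):
    """True for requests whose path (query string stripped) names a static asset."""
    return bool(ASSET_RE.search(path.split("?", 1)[0]))


class SlidingWindowLimiter:
    """Per-client sliding window: at most max_requests in any window-second span.
    Rejected requests are not recorded, so a blocked client regains capacity
    as its earlier accepted requests age out of the window."""

    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
        self.max_requests = max_requests
        self.window = window
        self._hits = defaultdict(deque)  # client id -> timestamps of counted requests

    def allow(self, client_id, now=None):
        now = time.time() if now is None else now
        q = self._hits[client_id]
        while q and now - q[0] >= self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True


def honeypot_clean(form):
    """The hidden field must be absent or empty; any content marks a bot."""
    return form.get(HONEYPOT_FIELD, "").strip() == ""


def evaluate_request(limiter, client_ip, path, form, now=None):
    """Return (verdict, reason) for one request. Assets bypass both checks;
    form is None for plain page loads, a dict for form submissions."""
    if is_asset_request(path):
        return ("allow", "asset")
    if not limiter.allow(client_ip, now):
        return ("reject", "rate_limited")
    if form is not None and not honeypot_clean(form):
        return ("reject", "honeypot")
    return ("allow", "ok")


def simulate():
    """Constructed traffic: 12 subscription posts from one address within 30 s
    with an asset fetch after each, one bot post that fills the hidden field,
    then one more post from the first address after the window has passed."""
    limiter = SlidingWindowLimiter()
    form_path = "/cgi-bin/dada/mail.cgi/s/example_list"
    asset_path = "/cgi-bin/dada/mail.cgi/css/default.css?v=1"
    results = []
    for i in range(12):
        t = i * 2.5
        results.append(evaluate_request(limiter, "203.0.113.5", form_path,
                                        {"email": "a@example.com"}, now=t))
        results.append(evaluate_request(limiter, "203.0.113.5", asset_path,
                                        None, now=t + 0.1))
    results.append(evaluate_request(limiter, "198.51.100.7", form_path,
                                    {"email": "b@example.com",
                                     HONEYPOT_FIELD: "http://spam.example"}, now=40.0))
    results.append(evaluate_request(limiter, "203.0.113.5", form_path,
                                    {"email": "a@example.com"}, now=61.0))
    return results


if __name__ == "__main__":
    for verdict, reason in simulate():
        print(verdict, reason)
```

In the simulation the first ten posts pass, posts eleven and twelve are rejected as rate limited while every interleaved asset fetch is still served, the bot submission is rejected by the honeypot check even though its address is under the limit, and the first address is allowed again at 61 s once its oldest hit has aged out. Keying the limiter on client address is the simplest choice; behind a proxy the key should come from the forwarded client address, not the proxy's.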
