Hacker News new | ask | show | jobs
by timvisee 2005 days ago
I'm afraid you're right.

I had a spam problem once with an app of mine.

Spammers registered accounts, put an URL in the name field, essentially allowing them to send an email to anybody starting with:

Hello SKETCHY_URL, please activate your account...
1 comments
massaman_yams 2005 days ago
This happens at stunning scale; there are probably several billion messages a month sent via malicious form submissions globally, by my rough semi-informed estimate. (That includes other types of abuse than the one you mentioned.)

Perhaps this is bias from dealing with that kind of spam on a regular basis, but my current position is that a captcha needs to be present any web form which can even indirectly or occasionally result in an email being sent.

link
timvisee 2005 days ago
I always find Captcha's a really tricky topic. Especially these days where robots have become super sophisticated on solving them.

At the same time it can be super irritating, and might even block legit users. Along with that you invade user privacy with solutions provided by Google, tracking every move on all pages.

But yeah, it may be nice to have the option, even if temporary, if you're experiencing an ongoing attack.

link