Hacker News
by imron 1190 days ago
> then you get a 400.

When I did this, the spammers got more creative trying other ways to get through.

Now I return a 200, and the response looks identical to a successful signup.

The only difference is nothing actually happened on the backend.

4 comments

So far all "my" spammers seem indiscriminate. I have the feeling that our form is just another URL on a very very long list, and I see no evidence of adaptation.

If there was something of value (besides excellent software) behind the signup form maybe we would need different strategies.

A signup which looks successful but is blackholed is user hostile. The majority of web form spammers don’t even try to evade filtering - why bother when there are many web forms without validation? All signup spam I’ve ever seen in email was sent via forms which allow entering longish text in the name field with either a URL or an email address or a phone number. Reasonable validation of user-entered fields used in signup emails should stop 99% of such spam.

> A signup which looks successful but is blackholed is user hostile

I only do it for things which are clearly not valid users.

Ah, I got a phone call yesterday because a small company I ordered something with didn't know where to send the package.

I gave them an e-mail address that contained a "+". Apparently MondialRelay silently dropped their requests. They thought they had sent me multiple e-mails. I received none.

I hate that kind of silent failure mode.

Well that seems hostile on purpose. "You try holding us accountable for what we do with your email, punk? Shadowban for you!"
I'm so tired of these idiots. I've been slowly teaching various (non tech) coworkers how to protect themselves and every time we get to email signups, I have to add a caveat about this only sometimes working, if the company has an intelligent programmer.

This is the way
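
An added example, not code from any commenter in this thread: a signup validator that rejects the name-field payloads described above (URL, email address, phone number), accepts "+" in email addresses, and returns explicit errors for the caller to show instead of dropping the request silently. The function names, the 64-character limit and the heuristics are assumptions.

```python
import re

MAX_NAME_LEN = 64  # assumed limit; choose one that fits your users
# Heuristic: scheme, "www." prefix, or a dotted host followed by a path.
URL_RE = re.compile(r"(?i)https?://|www\.|\.[a-z]{2,}/")
# Deliberately permissive: one "@", no whitespace, a dot in the domain.
# "+" in the local part is valid and must be accepted.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s.]+(\.[^@\s.]+)+")


def has_control_chars(value):
    """CR/LF and other control bytes enable mail header injection."""
    return any(ord(c) < 32 or ord(c) == 127 for c in value)


def name_errors(name):
    errors = []
    if not name.strip():
        errors.append("name is empty")
    if len(name) > MAX_NAME_LEN:
        errors.append("name is too long")
    if has_control_chars(name):
        errors.append("name contains control characters")
    if URL_RE.search(name):
        errors.append("name contains a URL")
    if "@" in name:
        errors.append("name contains an email address")
    if sum(c.isdigit() for c in name) >= 7:
        errors.append("name contains a phone number")
    return errors


def email_errors(email):
    if (len(email) > 254 or has_control_chars(email)
            or not EMAIL_RE.fullmatch(email)):
        return ["email address is not valid"]
    return []


def validate_signup(name, email):
    """Return a list of errors; empty means the signup may proceed."""
    return name_errors(name) + email_errors(email)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(validate_signup("Anne-Marie O'Neil", "jean+shop@example.org"))
    print(validate_signup("Click http://spam.example/win now", "a@example.com"))
```
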