Network Security: Detailed info on Re: Suggestion: email anti-spoof measure on web site

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: Suggestion: email anti-spoof measure on web site

from [Georgi Alexandrov] Network Security

[Permanent Link]

Subject:	Re: Suggestion: email anti-spoof measure on web site
Date:	Mon, 23 Jan 2006 12:56:06 +0200

mike@sharecube.com wrote:

These forms, like tell-a-friend are tremendously useful for a business. They 
allow two or more parties to notify each other of the company's products.

The preferred answer (from my point of view) is that several email throttle 
techniques be recommended/required: only permit a few emails within a time 
span of five or ten minutes. If a site normally only sees one or two consumer 
uses of this form per hour, suddenly having 300 emails is a sure indicator 
that they are being exploited. A limit of 10 emails / 5 minutes and a limit of 
20 / hour are reasonable.

And you can always add eye verification system to those limits ;-)

-- 
regards,
Georgi Alexandrov

Key Server = http://pgp.mit.edu/ :: KeyID = 37B4B3EE
Key Fingerprint = E429 BF93 FA67 44E9 B7D4  F89E F990 01C1 37B4 B3EE

signature.asc
Description: OpenPGP digital signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Suggestion: email anti-spoof measure on web site, ma . huijuan Re: Suggestion: email anti-spoof measure on web site, mike Re: Suggestion: email anti-spoof measure on web site, Georgi Alexandrov <= Re: Re: Suggestion: email anti-spoof measure on web site, ma . huijuan Re: Re: Re: Suggestion: email anti-spoof measure on web site, mike

Previous by Date:	Re: benchmarking the web app scanners, Dinis Cruz
Next by Date:	Re: sql comment in access, John Bond
Previous by Thread:	Re: Suggestion: email anti-spoof measure on web site, mike
Next by Thread:	Re: Re: Suggestion: email anti-spoof measure on web site, ma . huijuan
Indexes:	[Date] [Thread] [Top] [All Lists]