I agree with you. Just thought that this was a good reason to build some sort of spammer-protection for RoundCube anyway... will keep thinking of it.
Thomas
Craig Webster wrote:
On 13 Dec 2005, at 15:47, Thomas Bruederli wrote:
Jared W. Alessandroni wrote:
Couldn't we just disable the send functions (like by killing the SMPT)? Or limit them in compose.inc by making the _to array (and bcc and cc) arrays trim to one?
Thats what I intended to do but there's more: when a user tries to enter more recipients the session should be terminated automatically and the IP needs to be blacklisted to complicate a quick re-login.
I want id done right before opening the demo again. Please sorry for these circumstances but spammers are just waiting around the corner...
I'd say it was safer to completely disable sending... otherwise a spammer could write a script to send a message one-by-one instead of to many recipients at once. A simple page or notice saying "For security reason, sending has been disabled in the demo" should be sufficient. This way there's no worry about blacklisting IPs, or people somehow getting around any sender restrictions: it's simply impossible to send anything.
Yours, Craig -- Craig Webster | t: +44 (0)131 516 8595 | e: craig@xeriom.net Xeriom.NET | f: +44 (0)709 287 1902 | w: http://xeriom.net