user sign up/registration process is being used to spam people
Bug #341935 reported by James Troup
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical SSO provider | Fix Released | Undecided | Unassigned |
Launchpad itself | Fix Released | High | Brad Crittenden |
Bug Description
The sign up/registration process will send email to any address entered
into it. From monitoring feedback loops with the larger mail hosts, I
can confirm this is actively being abused (some of the reports will be
confused users, based on the other reports, but certainly not all of them
are). This is causing our MTAs/IPs to get a bad 'reputation' and
causing problems with sending mail to larger mail providers who actively
track feedback from users about spam.
I'm afraid I don't know of a reliable solution for this other than
Captchas.
Related branches
lp://qastaging/~bac/launchpad/bug-341935-captcha
- Martin Albisetti (community): Approve (ui)
- Michael Nelson (community): Approve (ui*)
- Edwin Grubbs (community): Approve (code ui*)
Diff: 319 lines, 7 files modified
lib/canonical/launchpad/browser/tests/registration.py (+2/-0)
lib/canonical/launchpad/pagetests/standalone/xx-new-account-redirection-url.txt (+2/-0)
lib/canonical/launchpad/templates/launchpad-login.pt (+23/-5)
lib/canonical/launchpad/webapp/login.py (+47/-0)
lib/lp/registry/stories/foaf/xx-createaccount.txt (+17/-4)
lib/lp/registry/stories/foaf/xx-reg-with-existing-email.txt (+5/-1)
lib/lp/testing/registration.py (+32/-0)
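
The branch above puts a captcha in front of the registration form; its diff is not reproduced on this page. As an added example (not Launchpad's code), the following shows one way to make the confirmation mail conditional on a solved, single-use, expiring challenge, so one solved captcha cannot be replayed to mail many addresses. All names (`new_challenge`, `verify`, `register`, `outbox`) and the arithmetic question are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: shared by all app servers in a real deployment
MAX_AGE = 600                     # seconds a challenge stays valid

def _sign(answer, issued, nonce):
    msg = f"{answer}|{issued}|{nonce}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def new_challenge(now=None):
    """Return (question, token); the token travels in a hidden form field."""
    now = int(time.time() if now is None else now)
    a, b = secrets.randbelow(10), secrets.randbelow(10)
    nonce = secrets.token_hex(8)
    # The arithmetic question is a stand-in for whatever challenge the site uses.
    return f"What is {a} + {b}?", f"{now}:{nonce}:{_sign(a + b, now, nonce)}"

def verify(token, answer, used_nonces, now=None):
    """True only for a fresh, unexpired, correctly answered challenge."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, nonce, mac = token.split(":")
        issued, answer, mac_b = int(issued_s), int(answer), mac.encode()
    except (AttributeError, TypeError, ValueError):
        return False  # malformed token or non-numeric answer
    if not 0 <= now - issued <= MAX_AGE or nonce in used_nonces:
        return False
    expected = _sign(answer, issued, nonce).encode()
    if not hmac.compare_digest(mac_b, expected):
        return False
    used_nonces.add(nonce)  # single use: one solved challenge sends one mail
    return True

def register(email, token, answer, used_nonces, outbox):
    """Queue the confirmation mail only after the challenge verifies."""
    if not verify(token, answer, used_nonces):
        return False
    outbox.append(email)  # outbox stands in for the real mail queue
    return True
```
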
Changed in launchpad-foundations:
status: Incomplete → New
Changed in launchpad-foundations:
milestone: none → 3.1.10
Changed in launchpad-registry:
milestone: none → 3.1.10
Changed in launchpad-registry:
assignee: nobody → Brad Crittenden (bac)
Changed in launchpad-registry:
status: Triaged → In Progress
Changed in launchpad-registry:
status: Fix Committed → Fix Released
How is this really a problem?
I mean this can't be really considered spam, really. And blacking out an SMTP server on that basis is kind of bullyish. It's like forcing down "captcha" in user registrations all over the world.