On 10/23/06, Julian Fleischer mediazilla@warhog.net wrote:
Sure they are easy to filter out, but we can't let spammers have free reign like this. If there is such a "throttle" feature it needs to be activated ASAP (how many times a day does the average user forget his password?). If nothing else all these mails are a unnessesary strain on our mail system. Pluss some users have "threatened" to report it to SpamCop and such, and we don't want our mailserver blacklisted now do we?
wouldn't the whole problem be avoided it the user had to fill in his e-mail-address (which he hopefully hasn't forgot...) when asking for the password reminding email?
As another attempt at a solution, it would be useful (and maybe even sufficient) to make the user complete a capcha before the reminder is generated. This would at least avoid bots sending out hundreds of password reminders.
Steve