On 10/23/06, Julian Fleischer <mediazilla(a)warhog.net> wrote:
Sure they are
easy to filter out, but we can't let spammers have free
reign like this. If there is such a "throttle" feature it needs to be
activated ASAP (how many times a day does the average user forget his
password?). If nothing else all these mails are a unnessesary strain on
our mail system. Pluss some users have "threatened" to report it to
SpamCop and such, and we don't want our mailserver blacklisted now do we?
wouldn't the whole problem be avoided it the user had to fill in his
e-mail-address (which he hopefully hasn't forgot...) when asking for the
password reminding email?
As another attempt at a solution, it would be useful (and maybe even
sufficient) to make the user complete a capcha before the reminder is
generated. This would at least avoid bots sending out hundreds of
password reminders.
Steve