问HN:你对使用工作量证明(PoW)验证码防止表单垃圾邮件的经验如何?
大家好,
我正在构建一个开源的电子邮件通讯工具,其中一个挑战是表单垃圾邮件:一旦注册表单在某个地方上线,机器人就会尝试注册。这可能是试图淹没那些账户被盗用的人的收件箱。但这对运营通讯的人来说也是个问题,因为这些最终不需要的邮件会降低他们的发件人信誉。
最近在HN上有关于这个话题的讨论[1]。帖子作者最终使用了Cloudflare Turnstile来缓解这个问题。我们目前已经支持像hCaptcha这样的外部验证码解决方案。然而,我们的许多用户非常注重隐私,不喜欢将用户数据发送给第三方(尤其是对于我们的欧洲用户来说,非欧盟的第三方)。
所以我现在在考虑在所有注册表单中添加一个不可见的工作量证明(PoW)验证码。我正在考虑的可能实现方案有Altcha [2]和mCaptcha [3]。
现在我想问:你们中有没有人尝试过使用PoW验证码来防止表单垃圾邮件?到目前为止,你们的经验如何?
[1] https://news.ycombinator.com/item?id=47609882
[2] https://altcha.org/
[3] https://mcaptcha.org/
查看原文
Hey folks,<p>I'm building an Open Source email newsletter tool and one of the challenges we have is form spam: As soon as a signup form goes live somewhere, bots will try to sign up. This is possibly an attempt to overwhelm the inbox of people whose accounts have been compromised. But it's also bad for the people who run the newsletter as these ultimately unwanted emails reduce their sender reputation.<p>There was recently a discussion here on HN about this topic [1]. The post author ended up using Cloudflare Turnstile to mitigate the issue. We currently already have support for external captcha solutions like hCaptcha. However, many of our users are quite privacy-conscious and don't like having user data sent to third parties (especially non-EU third parties for our European users).<p>So now I've been thinking of adding an invisible proof-of-work (PoW) captcha to all signup forms. Possible implementations I've been considering are Altcha [2] and mCaptcha [3].<p>Now to my question: Have any of you tried using PoW captchas to protect against form spam? What have your experiences been with it so far?<p>[1] https://news.ycombinator.com/item?id=47609882<p>[2] https://altcha.org/<p>[3] https://mcaptcha.org/