From 93037ce44ab48aabad4564fbdfe1c967908e8ae8 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <msapiro@value.net>
Date: Sat, 24 Nov 2012 14:44:15 -0800
Subject: Implement SUBSCRIBE_FORM_SECRET to mitigate bot subscribes.  (LP:
 1082746)

---
 NEWS | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 6ceeb17b..84fdebf5 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,14 @@ Here is a history of user visible changes to Mailman.
 
   New Features
 
+    - There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
+      a dynamically generated, hidden hash in the listinfo subscribe form and
+      check it upon submission.  Setting this will prevent automated processes
+      (bots) from successfully POSTing web subscribes without first retrieving
+      and parsing the form from the listinfo page.  Note that enabling this
+      will break ant static subscribe forms on your site.  See the description
+      in Defaults.py for more info.  (LP: 1082746)
+
     - add_members now has an option to add members with mail delivery disabled
       by admin.  (LP: 1070574)
 
-- 
cgit v1.2.3