Web apps are a target for abuse by individuals or other nefarious apps/bots. Dada Mail is no exception. Although we haven’t discovered a vulnerability in the app itself, it’s true that attempts are made, however unsuccessful they are. Here are a few ways to safeguard Dada Mail from these attacks.

The first line of defense doesn’t seem like one, but it’s the best defense against abuse of your app by hackers and spammers. Always make sure Closed-Loop Opt-In Confirmation is enabled for your public mailing lists – there’s no excuse not to use it.

Closed-Loop Opt-In Confirmation’s main job is to make sure only valid email addresses are added to your mailing list, and to confirm that the actual person who owns the email address wants to receive your mailing list messages. Without this feature enabled, anyone may subscribe anybody to your mailing list, leading to all sorts of problems.

It’s enabled by default, and the option can be found inside the list control panel under Mailing List: Options. Look for the checkbox labeled Require Closed-Loop Opt-In Confirmation.

Disallowing Multiple Confirmation Requests

By default, Dada Mail does not allow a user to try to subscribe to the same mailing list twice. This is to prevent simple abuse of your subscription forms, neglectful users, or automated processes that have run amok. If an additional confirmation attempt is made, the user will still be allowed another subscription request once a CAPTCHA is solved.

This option can be found inside the list control panel under Mailing List: Options. Look for the checkbox labeled Limit subscription confirmation sending. We suggest that this option is always enabled.

StopForumSpam

StopForumSpam is a third-party service that keeps a database of usernames, email addresses and IP addresses that have been submitted as being abusive when used throughout the Internet. Dada Mail has support to look up both the email address and IP address of subscription requests. If either comes up as positive, the subscription request is blocked from being completed.

This option is also enabled by default (see a trend?) and can also be found in the list control panel under Mailing List: Options. Look for the checkbox labeled Enable StopForumSpam Protection. StopForumSpam does require you to have the Perl CPAN module LWP installed. But, even on shared hosts, this is usually available without additional installation. If you can send a webpage, you will be able to use this feature, as both rely on LWP Tools.

Rate Limiting

Rate Limiting is a feature in Dada Mail that tracks where requests for various functions of Dada Mail come from (not just subscription requests), and sets limits on what it’ll allow before it senses there may be an attempt to abuse the app. Think Denial of Service (DoS) attacks, or brute-force password cracking. Rate Limiting can help nip this in the bud.
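How the four safeguards described above can fit together on one subscription request, as an added Python example that is not Dada Mail's own code (Dada Mail is written in Perl). The class name, status strings, check order, limits and the `reputation_hit` callback standing in for a StopForumSpam lookup are all assumptions made for illustration.

```python
import hmac
import secrets
import time
from collections import defaultdict, deque


class SubscriptionGate:
    """Toy model of the page's safeguards; names and limits are assumptions."""

    def __init__(self, reputation_hit, max_requests=5, window=60.0):
        self.reputation_hit = reputation_hit  # callable(email, ip) -> bool
        self.max_requests = max_requests
        self.window = window
        self.hits = defaultdict(deque)        # (ip, function) -> request times
        self.pending = {}                     # (list, email) -> confirmation token
        self.subscribers = set()

    def rate_limited(self, ip, function, now):
        """Sliding window per source and per function, not only subscriptions."""
        q = self.hits[(ip, function)]
        while q and now - q[0] >= self.window:
            q.popleft()                       # forget requests outside the window
        if len(q) >= self.max_requests:
            return True
        q.append(now)
        return False

    def subscribe(self, mailing_list, email, ip, captcha_ok=False, now=None):
        """Return (status, token); the token would be mailed to the address."""
        now = time.time() if now is None else now
        key = (mailing_list, email.strip().lower())
        if self.rate_limited(ip, "subscribe", now):
            return "blocked: rate limit", None
        if self.reputation_hit(key[1], ip):   # email OR IP listed as abusive
            return "blocked: reputation", None
        if key in self.pending and not captcha_ok:
            return "captcha required", None   # repeat request needs a CAPTCHA
        self.pending[key] = secrets.token_urlsafe(16)
        return "confirmation sent", self.pending[key]

    def confirm(self, mailing_list, email, token):
        """Closed loop: only the holder of the mailed token joins the list."""
        key = (mailing_list, email.strip().lower())
        expected = self.pending.get(key)
        if expected is None or not hmac.compare_digest(expected, token):
            return False
        del self.pending[key]
        self.subscribers.add(key)
        return True
```

Nothing reaches `subscribers` until `confirm` succeeds, which is the property that stops a third party from subscribing someone else's address.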