No subject


Tue Apr 24 11:52:11 UTC 2007


"""
What about spam?

Again, this is not a trust system.

Somebody could run their own identity server that says they're
http://spammer.example.com/000001/ all the way to
http://spammer.example.com/999999/ and that's not a goal of this
system to prevent. It's another layer's job to say the identities with
URL spammer.example.com/* is a spammer, or some ID server is a known
spammer, or some particular identity is a known spammer.
"""

OpenID was never intended to provide an assurance that an OpenID
doesn't belong to a spammer. That's OK; neither are regular accounts
created with a username and password. If you want to prevent automated
spammers from signing in to your blog/forum using OpenID, you need to
present a user with a CAPTCHA the first time they sign in with a
specific OpenID.
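
The layering described in this message, sketched as an added example that is not part of the original post: a relying party checks a separate reputation layer (host pattern, ID server, individual identity) and requires a CAPTCHA the first time a given OpenID signs in. The class, function names and blocklist entries are hypothetical, and the sample data is constructed.

```python
from urllib.parse import urlsplit

# Constructed sample reputation data (assumptions, not from the post).
BLOCKED_HOSTS = {"spammer.example.com"}            # spammer.example.com/*
BLOCKED_SERVERS = {"https://idp.spammer.example.com/server"}
BLOCKED_IDENTITIES = {"http://blog.example.org/mallory/"}


def normalize(identifier: str) -> str:
    """Canonicalise a claimed identifier so trivial variants map to one key."""
    if "://" not in identifier:
        identifier = "http://" + identifier
    parts = urlsplit(identifier)
    host = (parts.hostname or "").lower()
    port = f":{parts.port}" if parts.port else ""
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    # The fragment is dropped: it never identifies a different user.
    return f"{parts.scheme.lower()}://{host}{port}{path}{query}"


class SignInGate:
    """Decides what a relying party does after an OpenID assertion verifies."""

    def __init__(self):
        self.passed_captcha = set()  # identifiers that already solved a CAPTCHA

    def decide(self, claimed_id: str, id_server: str) -> str:
        ident = normalize(claimed_id)
        host = urlsplit(ident).hostname
        # Reputation layer: host pattern, ID server, or one specific identity.
        if (host in BLOCKED_HOSTS
                or normalize(id_server) in BLOCKED_SERVERS
                or ident in BLOCKED_IDENTITIES):
            return "deny"
        # First sign-in with this OpenID: challenge before creating a session.
        return "allow" if ident in self.passed_captcha else "captcha"

    def captcha_solved(self, claimed_id: str) -> None:
        # Call only after the CAPTCHA response was verified server-side.
        self.passed_captcha.add(normalize(claimed_id))
```

Keying the first-seen check on the normalized identifier keeps case or fragment variants of one OpenID from counting as separate identities.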

