I'm just wondering how safe the Send Threshold is for spammers and automated scripts.

How does that exactly work? How does it determine who the user is for an anonymous visitor to the site? cookie? ip?

If I set threshold to 3 and i come to my site as an anonymous user, how does it know who i am if i try to send on the 4th time?

Same scenario for an automated script?

I guess i'm just wondering if i need/can enable captcha on 'send'. I don't want to open myself up to a lot of spam since i probably will be administering the machine my site lives on.

thanks much

Comments

allie micka’s picture

Status: Active » Closed (fixed)

Send uses Drupal's built-in flood mechanism ( see http://api.drupal.org/api/function/flood_is_allowed/5 ).

This means that the threshold will restrict the number of posts from a particular IP address. This makes things relatively secure, but if in doubt, add the Captcha module.