Hacker News new | past | comments | ask | show | jobs | submit login

I should have phrased this differently - it is the fundamental flaw of all email based authentication systems. Your approach is currently a bit more prone to problems since you are one nasty script away from being bounced out of existence.

Yes you need to protect the log in page by rate limiting, Captcha, looking up mx records, etc.

One approach I have thought would be good to use is a rainbow table like approach. Most people are not very imaginative about the fake email accounts they use.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact