Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Preventing misuse of campus directory
We are investigating deploying a searchable directory on our web site. With that, I mean a web form where you may enter a first and last name and get names, emails, phones, and limited other information on people in our campus community.
A concern is how do we prevent email harvesters? By that, I mean people who mine this campus directory to get expansive lists of our community’s contact info.
Five techniques I can think of are:
1. IP-based throttling, but this might block legitimate users who are behind shared IPs due to NAT.
2. Assigning some kind of identity to browsers, like setting a cookie or other techniques. The problem is it’s super easy to clear out the browser’s memory of a given session, making it appear like a brand new session to the server.
3. CAPTCHA, but this has usability and accessibility concerns, plus I keep reading of ways the CAPTCHAs get overridden.
4. Server-based intelligence, but “intelligence” is the problem and difficult to deal with.
5. Requiring exact last name matches and at least one character from the first name, but this wouldn’t stop someone with an expansive dictionary of common last names abusing this service.
Have you dealt with this, and what did you do?
Aren Cambre, '99, '03