A solution to the spam problem

[Kzach]

So, with the new board you've promised to import all the old threads and users.

But do you really have to?

Sometimes to move forward, you have to let go of the past. Would a lot of people complain? Sure, but let's face it, they'd get over it and their complaints would be tears in the rain anyway.

The proposal I'm making is that you change one very simple aspect of the boards. You require that accounts be made using ONLY ISP email addresses. In other words, no gmail, hotmail, etc. This alone DRASTICALLY reduces your spambot rate. It doesn't eliminate it, mind you, but if the current rate is 100%, you'd be cutting it by 99%.

At least, that's what people tell me. I got the idea from another forum I go to where I am yet to see a spambot post at all. It also severely cuts down on people creating sock-puppets and mock accounts. Also, bandwidth wouldn't be wasted on all those nuisance accounts and spambots.

So sure, everyone would have to create new accounts. And sure, they'd all lose their precious XP and post counts and join dates. But everyone, at some point, has to make sacrifices for the betterment of a society. People WILL get over it. And you'll have a far more accurate picture of your actual users.

 

[Morrus]

I'd be screwed. I don't have an ISP email address!

 

[Viking Bastard]

Does anyone use ISP email addresses anymore? (It's just not very smart to rely on.)

 

[Kzach]

I'd be screwed. I don't have an ISP email address!

Surely you do. I mean, isn't it a bare minimum basic requirement? After all, how else would you communicate with your ISP? How do you receive bills or warning notices or service interruption notices, etc.?

Does anyone use ISP email addresses anymore? (It's just not very smart to rely on.)

Hell no. I don't use it for anything other than this one forum that requires it. Which is, again, why it's such a good idea. I'd be willing to bet a good 10% (at least) of the accounts here are dummy/spam accounts. Imagine all the bandwidth those spambots use alone!

Anyone can create a gmail account (I have about seven...), but very few people have the know-how to get around having the requirement of an ISP email account in order to register a forum account.

 

[Viking Bastard]

Surely you do. I mean, isn't it a bare minimum basic requirement? After all, how else would you communicate with your ISP? How do you receive bills or warning notices or service interruption notices, etc.?.

My fiancée usually gets an rare SMS about the immediate important stuff; then there's the ISP's online service panel for the rest and the bills go directly to my online bank.

I don't get a email address from my ISP, although I can get one if I request it.

Hell no. I don't use it for anything other than this one forum that requires it. Which is, again, why it's such a good idea. I'd be willing to bet a good 10% (at least) of the accounts here are dummy/spam accounts. Imagine all the bandwidth those spambots use alone!

Anyone can create a gmail account (I have about seven...), but very few people have the know-how to get around having the requirement of an ISP email account in order to register a forum account.

But how would you restrict it to an ISP account? I mean, I've seen such restrictions for signup (though, not for years), but what they effectively were "Use any email account, except for this list of popular free-signup email services". Someone operating a spambot can probably set up his own POP3 server.

If it's actually a list of approved "real ISPs", how can you make sure my Icelandic ISP makes it to the list.

What if you just don't buy any service from any ISP?

 

[Kzach]

If it's actually a list of approved "real ISPs", how can you make sure my Icelandic ISP makes it to the list.

*shrug*

I just reported some spam and thought to myself, "Geez, they have a lot of spam on this site... that reminds me of this other forum I go to where they have no spam at all... maybe I should post that site's methods as a suggestion!"

I am not a web developer.

 

[Piratecat]

I'd be screwed too. All gmail, all the time.

Spam is actually really easy to deal with. We get 1-3 spammers a day. 3 clicks and everything they've posted is gone, and they're IP banned. I don't mind the 3 minutes it takes. Thank you for reporting the spam, by the way - it's definitely appreciated.

 

[chriton227]

I'm all for reducing spam, but it is a very difficult problem to solve. While filtering to only ISP email accounts is an idea worth considering, it could easily become a nightmare to maintain. There are two possible approaches to restricting it to ISP only email:

1) Blacklist non-ISP "free" email providers. This is probably the simplest to implement, but trivial to work around. It cost me less than $20 to get started with my site, which included a domain name, hosting, and more email addresses than I could ever want, and I'm sure there are much cheaper options available. You could always add more sites to the blacklist as you see spammers coming from those addresses, but that could be a time consuming job to keep up with. You would also have to keep an eye out for new free providers or alias services as they become available.

2) Whitelist ISP email providers. Just building a list of the existing providers globally would be a monumental task. You would have to accommodate obsolete ISPs (my main ISP email account is from a provider that was bought out over a decade ago, and my old account is grandfathered in). You will have cases where the ISP service doesn't provide enough email addresses for everyone in a family to have one and the family doesn't want to go with shared email accounts. Some ISPs don't even have the option of getting an email account (my 3g Mifi is internet access through a cell phone provider that doesn't offer email). I also know people that have business class internet connections for one reason or another and these frequently don't come with email addresses either. And finally you have people that don't have ISPs at all, they access the internet through other available access points like restaurant hot-spots, school, work, or libraries.

Sites like StackExchange have a much stricter process that new accounts have to go through before they can really start posting, and it is driven by feedback from other users. Perhaps there is something similar that can be done here like adding a "report spammer" button that becomes available to registered users of a certain rep level, and if a poster accumulates a certain number of reports in a given time frame posts from the spammer account would be hidden and the account flagged for moderator review. There would need to be some audit trail/accountability built in to deal with abuse.

 

[Piratecat]

We could also blacklist certain IP ranges - for instance, much of our recent spam is from India, so they must have opened up a new shop there - but that leads to some unsavory blocking of legitimate accounts.

 

[Umbran]

Sites like StackExchange have a much stricter process that new accounts have to go through before they can really start posting, and it is driven by feedback from other users.

It isn't like most of our spammers are posting heavily. The majority of them are "one and done".

Perhaps there is something similar that can be done here like adding a "report spammer" button that becomes available to registered users of a certain rep level, and if a poster accumulates a certain number of reports in a given time frame posts from the spammer account would be hidden and the account flagged for moderator review. There would need to be some audit trail/accountability built in to deal with abuse.

I don't see how this would be superior to our current "one person reports it once, and that spammer is dealt with in a few hours" system.