Mike
Well-Known Member
I really hate to belabor this point, but it seems if I do not hammer the point home on a regular basis, then potential new members miss the message and the intent.
I want everyone to look around these forums and tell me how much spam you can find. I can tell you, there is not any spam here, but go ahead and waste the hours necessary to prove it to yourselves.
Ahh, you don't want to waste time looking for spam, do you? You want to enjoy using the forums, rather than trying to find spam, aye?
I, for one, do not blame you. Because I am just the same. As are our hard-working and under-appreciated moderators, @EX JUNK , @409T and @Keeper . The four of us recognize this place is going to require some minimal maintenance, but in the overall scheme of things, we want to enjoy using the forums, same as anyone else. We don't want to be wasting our time looking for spam, any more than anyone else.
As a result, I have set up the registration process for this forum with multiple and aggressive measures to block spammers from ever getting in here. And I think the results speak for themselves, if I do say so, myself.
When a potential member attempts to submit registration for a new account, there are a lot of things happening that they never see. Yes, they will immediately see the red ink, announcing that we do block several e-mail service providers that are typically associated with spam registrations. Yes, they will see what they might feel is a peculiar question, that they will be required to answer. Yes, they will see a timer that will not allow them to submit their completed forum until after a predetermined amount of time has elapsed. But there are a lot more steps, taking place in the background.
1. When we ask for a valid and working e-mail address, that is done for multiple reasons. One is that each member can tailor his own account settings to provide him with e-mail notifications of certain events taking place on the forums. But we also require it to verify the legitimacy of the individual. Once a new registration is submitted, the forum software is configured to send a confirmation e-mail to that address. The confirmation message contains a link that must be visited within 168 hours (7 days), or the new account will be deleted from the database. I typically see 2 or 3 people a week who enter invalid e-mail addresses, so every 24 hours, I get a report advising me those users accounts are going to be deleted. But if their e-mail addresses are not valid, how am I to contact them, to flag them up?
The bottom line is that if someone cannot verify the spelling of their own e-mail address, I am not going to be held responsible.
2. When a potential new member attempts a registration, their IP address is checked against our Discouraged Users list. If a member has been banned and continues to attempt circumventing the ban, then I can add that user's IP address/es to a list that is designed to confound the daylights out of them. If a user whose IP address is being discouraged attempts to merely visit the forums, page loads are stalled, to take between 20 and 30 seconds to load. 15% of the time, the loaded page will be blank. If they attempt to use the search function, they will find it is disabled, 35% of the time. The News Feed is disabled for them, 25% of the time. 50% of the time they do manage to get a page to load, they will find they have been re-directed to our Rules page. And, naturally, they will never be able to load in the registration page. Since the inception of these forums, back on 20 October 2006, only three individuals have ever managed to earn Discouraged User status, so it is only used as a final measure against idiots and trouble-makers.
3. All registration attempts will require a rather simple question to be answered. It is easy to set up a registration robot, to submit automated registrations to forums. So I add in an unexpected step to the registration process, which will trip up most bots, as they are not coded to anticipate the step. I then ask an easily-answered question, but since the bot is not programmed to know the answers to the multiple, possible questions, that stops them in their tracks.
4. The potential new user's IP address is checked to see if it is being used by a proxy site. With security finally becoming a concern for a lot of people, the use of proxy servers is becoming increasingly popular. People use a proxy server to mask their true IP address. My take on it is that if someone has to conceal their identity to use this site, then they are trying to walk in the door under false pretenses, so I slam that door in their face.
5. The potential new user's IP address, username and e-mail address are all checked against the StopForumSpam database. If they have been flagged as a spammer in that database, then I figure it is best to prevent them from getting in here, so the registration is blocked.
6. New registrations are also checked against the Project Honey Pot database, for the same reasons.
7. Robots can dump registration data into the form within fractions of seconds, so I use a timer to stall registration submissions. The few seconds of waiting are like centuries to the bots, so that is another effective block for them.
8. I also block IP addresses from 28 countries, all of which are well-known for their spammy server farms. If someone happens to be visiting any of those countries on business, they will discover they cannot access these forums.
As you can see, we have several, very aggressive measures in place, to prevent possible spammers from ever getting into the site. And the measures are as close to being 100% effective as I can make them. On a slow day, these automated measures will prevent around 350 spammers from getting into the site. On a busy day, that number can double. But it makes no difference how hard the site is getting hit by the spammers, because the forum staff do not have to lift a finger to handle any of it.
I get a few angry e-mail messages from potential new members, every week, griping about the e-mail services we block. Yes, I recognize that we are not like every other forum on the Web, accepting registrations from every individual who darkens our doorstep. But you see, not being like every other forum on the Web is exactly what sets us apart and makes us better. Because we strive to be better, our members are not inundated with forum posts about cell phone deals, amazing diet pills, incredible health insurance plans, little blue pills designed to make your willie hard as Chinese arithmetic, child pornography, or any of the assorted offal you find around every corner of your online activities.
Yes, there is no question we stand to lose 5 or 6 new members a week, because of our e-mail restrictions. But that is a a very insignificant price to pay, to block up to 4,500+ spammers in that same time frame.
People scoff and tell me how secure their throw-away e-mail addresses are, but no matter how many people try to urinate in my ear, I still know it is not raining. Are you aware that if you have Yahoo e-mail addresses that you are not accessing on a regular basis, those addresses are being recycled? Case in point - John Doe wants to make an online purchase, but he doesn't want to use his regular e-mail address, because that address is sacrosanct. So he nips over to Yahoo and registers himself up a throw-away e-mail address. Then he dashes over to PayPal and registers an account there, using his Yahoo e-mail address. He makes his purchase, gets his product and never comes back to check his Yahoo account. Yahoo has no problems with that, they just recycle the address and give it to Johnny Doe, who is wanting to register it. It all seems above-board, until you stop to realize that if PayPal sends John an e-mail about his PayPal account, then it is going to be Johnny who will actually get the message. Errr, excuse me, but how do you spell 'identity theft'?
People get upset and tell me that everyone uses Gmail. Yes, just about everyone I know uses Gmail. But try this - log into that allegedly-secure Gmail account and send a couple of e-mails about something you really have no interest in. E-mail a couple people about something obscure, like quilting machines, or knitting supplies, for instance. Then, start watching the Google ads you are seeing on Web sites. Isn't it amazing how you are suddenly seeing ads from knitting supply companies? Yes, that shows me how 'secure' Gmail is for their users. Google is scraping your messages for keywords, so they can better target their contextual ads to meet your interests.
Now don't be lulled into a false sense of security, thinking your e-mails are safe and sound, because you do not use the throw-away services. Because the truth is that they are not safe and sound. And please be aware, if you are using another e-mail provider to send e-mail to a Gmail user, Google will happily advise you that you have no legitimate expectation of privacy. So there you have it, right from the horse's orifice (you can pick which one works best for you). If you are not using an e-mail service that treats your privacy and security with utter disdain, you have taken a step in the right direction.
The numbers shift from day to day, but to give you an idea of the overall averages, here are the numbers I see in the spam registration logs. 83% of all spam registration attempts are submitted by users with Gmail accounts. 16% of all spam registration attempts are submitted by users with Yahoo accounts. The remaining 1% are users with Hotmail, Rocketmail, Live, Outlook and Ymail accounts.
A potential new member contacted me via e-mail, just last evening, asking how he might be able to register, considering that Yahoo mail is the only (he emphasized that word by capitalizing it) e-mail service he uses. I had to tell him the short answer is that he would not be able to register. It is just that simple.
We started implementing e-mail blocks back on 11 April 2008, nearly 6 years ago. These aggressive blocks have worked extremely well for us. So well, in fact, that we will continue to block suspect e-mail providers in the future. If I could only block 10 spammers a day with this type of measure, I would be doing it. When I can block 350 - 700 spammers a day, then it is simply a no-brainer. And it is a topic that is not going to be open for discussion.
I hope this will help everyone understand the restrictions we employ, as well as the reasons we employ them.
I want everyone to look around these forums and tell me how much spam you can find. I can tell you, there is not any spam here, but go ahead and waste the hours necessary to prove it to yourselves.
Ahh, you don't want to waste time looking for spam, do you? You want to enjoy using the forums, rather than trying to find spam, aye?
I, for one, do not blame you. Because I am just the same. As are our hard-working and under-appreciated moderators, @EX JUNK , @409T and @Keeper . The four of us recognize this place is going to require some minimal maintenance, but in the overall scheme of things, we want to enjoy using the forums, same as anyone else. We don't want to be wasting our time looking for spam, any more than anyone else.
As a result, I have set up the registration process for this forum with multiple and aggressive measures to block spammers from ever getting in here. And I think the results speak for themselves, if I do say so, myself.
When a potential member attempts to submit registration for a new account, there are a lot of things happening that they never see. Yes, they will immediately see the red ink, announcing that we do block several e-mail service providers that are typically associated with spam registrations. Yes, they will see what they might feel is a peculiar question, that they will be required to answer. Yes, they will see a timer that will not allow them to submit their completed forum until after a predetermined amount of time has elapsed. But there are a lot more steps, taking place in the background.
1. When we ask for a valid and working e-mail address, that is done for multiple reasons. One is that each member can tailor his own account settings to provide him with e-mail notifications of certain events taking place on the forums. But we also require it to verify the legitimacy of the individual. Once a new registration is submitted, the forum software is configured to send a confirmation e-mail to that address. The confirmation message contains a link that must be visited within 168 hours (7 days), or the new account will be deleted from the database. I typically see 2 or 3 people a week who enter invalid e-mail addresses, so every 24 hours, I get a report advising me those users accounts are going to be deleted. But if their e-mail addresses are not valid, how am I to contact them, to flag them up?
The bottom line is that if someone cannot verify the spelling of their own e-mail address, I am not going to be held responsible.2. When a potential new member attempts a registration, their IP address is checked against our Discouraged Users list. If a member has been banned and continues to attempt circumventing the ban, then I can add that user's IP address/es to a list that is designed to confound the daylights out of them. If a user whose IP address is being discouraged attempts to merely visit the forums, page loads are stalled, to take between 20 and 30 seconds to load. 15% of the time, the loaded page will be blank. If they attempt to use the search function, they will find it is disabled, 35% of the time. The News Feed is disabled for them, 25% of the time. 50% of the time they do manage to get a page to load, they will find they have been re-directed to our Rules page. And, naturally, they will never be able to load in the registration page. Since the inception of these forums, back on 20 October 2006, only three individuals have ever managed to earn Discouraged User status, so it is only used as a final measure against idiots and trouble-makers.
3. All registration attempts will require a rather simple question to be answered. It is easy to set up a registration robot, to submit automated registrations to forums. So I add in an unexpected step to the registration process, which will trip up most bots, as they are not coded to anticipate the step. I then ask an easily-answered question, but since the bot is not programmed to know the answers to the multiple, possible questions, that stops them in their tracks.
4. The potential new user's IP address is checked to see if it is being used by a proxy site. With security finally becoming a concern for a lot of people, the use of proxy servers is becoming increasingly popular. People use a proxy server to mask their true IP address. My take on it is that if someone has to conceal their identity to use this site, then they are trying to walk in the door under false pretenses, so I slam that door in their face.
5. The potential new user's IP address, username and e-mail address are all checked against the StopForumSpam database. If they have been flagged as a spammer in that database, then I figure it is best to prevent them from getting in here, so the registration is blocked.
6. New registrations are also checked against the Project Honey Pot database, for the same reasons.
7. Robots can dump registration data into the form within fractions of seconds, so I use a timer to stall registration submissions. The few seconds of waiting are like centuries to the bots, so that is another effective block for them.
8. I also block IP addresses from 28 countries, all of which are well-known for their spammy server farms. If someone happens to be visiting any of those countries on business, they will discover they cannot access these forums.
As you can see, we have several, very aggressive measures in place, to prevent possible spammers from ever getting into the site. And the measures are as close to being 100% effective as I can make them. On a slow day, these automated measures will prevent around 350 spammers from getting into the site. On a busy day, that number can double. But it makes no difference how hard the site is getting hit by the spammers, because the forum staff do not have to lift a finger to handle any of it.
I get a few angry e-mail messages from potential new members, every week, griping about the e-mail services we block. Yes, I recognize that we are not like every other forum on the Web, accepting registrations from every individual who darkens our doorstep. But you see, not being like every other forum on the Web is exactly what sets us apart and makes us better. Because we strive to be better, our members are not inundated with forum posts about cell phone deals, amazing diet pills, incredible health insurance plans, little blue pills designed to make your willie hard as Chinese arithmetic, child pornography, or any of the assorted offal you find around every corner of your online activities.
Yes, there is no question we stand to lose 5 or 6 new members a week, because of our e-mail restrictions. But that is a a very insignificant price to pay, to block up to 4,500+ spammers in that same time frame.
People scoff and tell me how secure their throw-away e-mail addresses are, but no matter how many people try to urinate in my ear, I still know it is not raining. Are you aware that if you have Yahoo e-mail addresses that you are not accessing on a regular basis, those addresses are being recycled? Case in point - John Doe wants to make an online purchase, but he doesn't want to use his regular e-mail address, because that address is sacrosanct. So he nips over to Yahoo and registers himself up a throw-away e-mail address. Then he dashes over to PayPal and registers an account there, using his Yahoo e-mail address. He makes his purchase, gets his product and never comes back to check his Yahoo account. Yahoo has no problems with that, they just recycle the address and give it to Johnny Doe, who is wanting to register it. It all seems above-board, until you stop to realize that if PayPal sends John an e-mail about his PayPal account, then it is going to be Johnny who will actually get the message. Errr, excuse me, but how do you spell 'identity theft'?
People get upset and tell me that everyone uses Gmail. Yes, just about everyone I know uses Gmail. But try this - log into that allegedly-secure Gmail account and send a couple of e-mails about something you really have no interest in. E-mail a couple people about something obscure, like quilting machines, or knitting supplies, for instance. Then, start watching the Google ads you are seeing on Web sites. Isn't it amazing how you are suddenly seeing ads from knitting supply companies? Yes, that shows me how 'secure' Gmail is for their users. Google is scraping your messages for keywords, so they can better target their contextual ads to meet your interests.
Now don't be lulled into a false sense of security, thinking your e-mails are safe and sound, because you do not use the throw-away services. Because the truth is that they are not safe and sound. And please be aware, if you are using another e-mail provider to send e-mail to a Gmail user, Google will happily advise you that you have no legitimate expectation of privacy. So there you have it, right from the horse's orifice (you can pick which one works best for you). If you are not using an e-mail service that treats your privacy and security with utter disdain, you have taken a step in the right direction.
The numbers shift from day to day, but to give you an idea of the overall averages, here are the numbers I see in the spam registration logs. 83% of all spam registration attempts are submitted by users with Gmail accounts. 16% of all spam registration attempts are submitted by users with Yahoo accounts. The remaining 1% are users with Hotmail, Rocketmail, Live, Outlook and Ymail accounts.
A potential new member contacted me via e-mail, just last evening, asking how he might be able to register, considering that Yahoo mail is the only (he emphasized that word by capitalizing it) e-mail service he uses. I had to tell him the short answer is that he would not be able to register. It is just that simple.
We started implementing e-mail blocks back on 11 April 2008, nearly 6 years ago. These aggressive blocks have worked extremely well for us. So well, in fact, that we will continue to block suspect e-mail providers in the future. If I could only block 10 spammers a day with this type of measure, I would be doing it. When I can block 350 - 700 spammers a day, then it is simply a no-brainer. And it is a topic that is not going to be open for discussion.
I hope this will help everyone understand the restrictions we employ, as well as the reasons we employ them.
