Stopping forum spam - control of the signup process
Archive - Originally posted on "The Horse's Mouth" - 2009-05-04 13:10:03 - Graham EllisOn all the forums that I look after, I now run code so that everyone who wants to sign up has to pass a Captcha test where he / she is required to retype a word (that excludes automata), and even then there's a requirement for me or another administrator to accept the signup, based on information such as the email address entered and the user name requested (and I get a little more information too!)
Some signups are blindingly obvious that they should be accepted. Others are equally blindingly wrong, and rejected without further ado. And then there are those in between - where there is some elements that make the sign up request a bit suspicious, but other elements that look 100% sensible - and that's where we end up doing further research. Two projects that I have just come across to help my investigations are projecthoneypot and stopforumspam - and certainly they provide good further evidence (and I encourage the projects).
Yet even then, there can be a question mark over some signups. If I'm in doubt (but thinking that there's a strong chance of a signup being genuine), I'll send a friendly email and see what sort of answer I get back - quite openly saying "that's an interest choice of user name - is it your real name", and starting to chat about the person's interest in the subject. I recall doing this with a signup request from Japan for the First Great Western CoffeeShop and getting a very nice email back concerning how upset my correspondent was with public transport from Heathrow to somewhere in Devon when he visited his family there ... "genuine". But there are also numerous occasions where there's no answer ... "gotcha"!