Ask HN: How to stop leachers abusing our site
I run a service called BlueMailCentral.com. That allows you to send a letter (snail mail) from your PC to any country in the world. As a marketing instrument the first letter is free of charge, no questions asked, no payment needed. The problem I have now is that a group of people are abusing my system to send out the famous Nigerian scam mail. (I can't believe people still fall for that.)
Besides the fact that it is actually costing me money it also damages BlueMail’s reputation because my logo/url is on the back of the envelope containing the scam letter.
My problem is that I want to stop them while maintaining the low threshold for the real customers.
As far as I can tell they handle the registration process manually, that makes solutions like (re)capcha etc useless.
Any ideas/tips/suggestions ?
9 comments
[ 3.4 ms ] story [ 29.1 ms ] threadAnother option would be to check whether the abusers are coming from a specific IP range, and simply deny access to them.
And with a little more of work, it should be possible to filter the words differently if they are in the address of the letter, the submitter or in the main text.
(And they should warn the users that if they use the free try, they might read it.)
With a carefully calibrated spam filter, one could even make it so that no human interaction is needed: when the filter tags the message as spam, it tells that to the user. He can then contact the site administrator if he feels the software is at fault.
Privacy preserved.
* One idea is to use the classic "Give us your credit card details first" approach. You allow people to create accounts but, once they go to send their first free letter, you explain that "To protect against spam, we require that you confirm your credit card details. Your card will not be charged for this letter."
It isn't optimal if what you want are signups but it would definitely decrease fraud.
* What about using an IP address filter that prevents people using proxies or IPs from certain countries (Nigeria for example) from using the free service?
* What about pretending to send the letters from Nigerian/certain IPs but not actually doing it? This way would allow you to see patterns: which IPs or IP blocks were abusing the service, which search terms you could automate for blocking, etc. Basically you send back a "Your letter has been sent!" response to the user but you don't actually do it.
* What about requiring telephone confirmation of address info?
Thanks a lot for the suggestions. I really appreciate all your input.
http://www.stopforumspam.com/apis