TOS violations

Discussion of items in the "What's New" log.

TOS violations

Postby info » Tue Dec 07, 2004 9:15 pm

A few spamgourmet users have been violating the terms of service by using the service "in a way that consumes resources in a manner grossly disproportionate to that of other users of the service, including, but not limited to the use of scripting or other automated means to create large numbers of accounts or addresses over a short period of time." This has caused some performance problems as the servers struggle to keep up. I'm going through and finding the patterns that indicate this condition, and disabling the relevant accounts and clearing the queues. This helps <i>some</i>, but we'll have to find a better long term solution.
Site Admin
Posts: 100
Joined: Thu Aug 28, 2003 12:54 pm

Postby Prognathous » Mon Dec 13, 2004 5:46 pm

Many websites overcome automated scripts by employing image-based verification. This way, only humans can complete the registration process.

Have you considered this method?


Edit: Another option, require new users to donate a dollar as part of every registration, just like does.
Posts: 8
Joined: Mon Dec 13, 2004 5:44 pm

Postby SysKoll » Mon Dec 13, 2004 6:34 pm

We employ the image verification technique already.
-- SysKoll
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm

Postby Prognathous » Mon Dec 13, 2004 6:49 pm

I wonder if OCR software have become so good that they can now overcome such verifications? I don't know how many false registrations you've had, but if it's a relatively low number then perhaps it wasn't automated after all.

Anyway, the " method" should be good enough and should deter anyone who tries to abuse the system.

Posts: 8
Joined: Mon Dec 13, 2004 5:44 pm

Postby Guest » Mon Jan 10, 2005 9:10 am

You could add a little problem solving to the registration process, such as:

Mr. Ed Norton lives in New York. This winter, oil heat is so much per gallon, gas heat is so much per cubic foot. What should he do?
A. Use oil
B. Use gas
C. Pack up and move to Florida

[ -- From the Honeymooners, Norton's answer was 'C']

All kidding aside, a problem with a little arithmetic and spelled-out numbers should fox the spammers.

Postby josh » Mon Jan 10, 2005 4:17 pm

The problem we have is not with automated sg user registrations -- rather, it's with automated signups on other sites. The scripts in question hit some other site repeatedly, using a slightly different disposable address each time
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby lwc » Mon Jan 10, 2005 11:06 pm

Do you mean it's just a few spamgourmet users, but they try to open unlimited disposable addresses?
Posts: 406
Joined: Sat Aug 28, 2004 9:09 am

Postby Guest » Wed Jan 12, 2005 2:18 pm

I know what to do:

Limit the rate at which new disposables can be created by INCOMING mail. Some number per day, or perhaps per hour.

Per hour makes sense, since only scripts (the "automated signups on [the] other sites" mentioned by josh) would cause the coincidence of MANY NEW ADDRESSES, ALL FROM THE SAME ORIGINATING site, all within a few minutes. Even if a user gets lots of new spam, it would not all come from the same place WITH ONE NEW ADDRESS EACH. This would be the signature of this form of abuse.

Make the limit reasonably large, to give the user time to recover if a spammer or prankster actually DOES attack the spamgourmet address creation concept itself [other threads have postulated this possiblity; replies in those threads say this has NOT happened yet]. If ever attacked, of course, the user would begin using or change his watchword[s] or prefix.

Of course, this limitation would make spamgourmet vulnerable to a new form of denial of service attack: Create lots of addresses for a victim and they go dead. But this is also unlikely.

I think this is it. I can't think of any difficulty this protocol would create for a legitimate user.

Anyone have any ideas?

Return to What's New

Who is online

Users browsing this forum: No registered users and 3 guests