How To Make Freeloaders Not Spam AGAIN

Let us suppose you run a free service, that gives out web page space or email accounts or whatever, to any random luser who wanders in. Therefore, you can't demand a credit card number up front, so your chances of collecting on a fine are somewhere between "slim as a monomolecular fiber" and none.

One of your lusers decides to spamvertise his page, dropbox, or whatever, that's on your server. (If he's spamming from your server, you have been inexcusably irresponsible in your setup!) You shut him down. But... the next minute, he's right back, setting up another account, spamming... and ruining your reputation. What to do, what to do....

Some options:

• Shut down the account, when complainers make you aware of it.

  Pros:

  • Can help your reputation, if you react swiftly to all complaints, and notify the complainers quickly.

  Cons:

  • Only helps your reputation among those inclined to complain. Millions more will just press delete, grumbling about yet another spam about pages/dropboxes/whatever on your server. Some may eventually set up filters to block any email mentioning your server.

  Further notes: This seems to be the most widely used approach.

• Scan for his pages on a frequent basis (at least daily), and if found, nuke the corresponding account, or at least flag it for human attention.

  Pros:

  • Can wind up preventing a spam from being at all successful (as in, having anyone actually get suckered into whatever he's selling), if you disable the pages before the spam goes out.

  Cons:

  • Can be technically difficult to do.
  • Takes up disk-access and CPU horsepower.
  • Can have false hits.

  Further notes: Some lusers may whine that it's an invasion of privacy, or infringement on freedom of speech. Fsck 'em, it's your server. Their privacy and freedom of speech are worth exactly what they're paying you.

• Tell him that any further attempt of his to create a new account with you will be treated as trespass.

  Pros:

  • If you enforce it, the spammer in question might learn a lesson, and at least might not be able to spam for a while.
  • If you make the action public, he can serve as an object lesson to would-be spammers, not to spam about you (i.e., any resource you host) twice, and maybe even not to spam at all.

  Cons:

  • It's a pain in the proverbial posterior to enforce.
  • Stupidity isn't the only way in which most spammers are judgement-proof.

  Further notes: Since it's such a pain to enforce, it's best saved for the worst offenders, such as the androstenone spammer that xoom refuses to do anything effective about. (They keep using the "just shut down the pages" method....)

• Require an email or snailmail address, to which to send an initial password. Refuse to grant an account if it matches a prior spammer. Require that email addresses not be at any instant-free-account provider, and that snailmail addresses not be PO boxes.

  Pros:

  • Ensures only a limited number of times a spammer can get an account with you.

  Cons:

  • Slows down non-spammers too, sometimes to the point where they will get bored with waiting (especially in this age of instant gratification) and go elsewhere.
  • Spammers can make it look like they're at different places, by giving different "suite numbers" at an address that isn't really composed of suites (such as a residence, storefront, etc.). Of course, you could demand that the non-suite part be different, but you lose clients in big office and apartment buildings!

  Further notes: If you do get a match, that's a pretty clear case for trespass, as mentioned above. You'd think they'd know better, but to paraphrase a certain genocidal maniac, "What luck for BOFHen that spammers do not think!"

• Put a cookie on his browser, and track that instead of the addresses as above. When someone tries to create a new account, check for your cookie, and look up the corresponding account.

  Pros:

  • Most spammers are too clueless to figure out how to get around it.

  Cons:

  • The occasional clueful spammer can easily get around it.
  • A spammer could access you with a different machine, or a different identity in browsers that have such a feature.
  • Many non-spammers are cookiephobic. (They're absolutely harmless, but you know how paranoid some idiots are....)

  Further notes: Remember, a "hit" can mean not only denial, but a trespass suit!