Positive results from the spam service

[Michael]

Is there any way now or planned where we can get more information on the hits our sites are getting on the spam service?

The reason I ask is because I got a level 4 hit on a registration over the weekend from someone who was a customer of mine on another site, and I'm reasonably certain he is not a spammer. I checked his email address and IP address on another site that stores this sort of thing (not sure if I should post the link or not, but they've been mentioned in the general discussion of forum spam before) and while his email address came up with nothing there were a few hits on his IP address. But from what I can tell, in his physical location any number of folks could end up having that as their public IP address on any given day.

I'm just wondering if there's some way where we can see what it was that flagged a particular registration, as I'm sure this is something likely to come up again with other folks too.

[Charles]

Probably the most we could do is let you know if it was the IP or the email address flagged. Would that help?

[CalendarOfUpdates]

[quote name='Charles' date='18 August 2009 - 06:16 PM' timestamp='1250633808' post='1845942']
Probably the most we could do is let you know if it was the IP or the email address flagged. Would that help?

Yes, and the number of hits on that IP/e-mail would help too.

[Charles]

The problem is we don't want to reveal too much about how the system works or spammers could just find a way to trick it...

[Michael]

[quote name='Charles' date='18 August 2009 - 06:20 PM' timestamp='1250634057' post='1845945']
The problem is we don't want to reveal too much about how the system works or spammers could just find a way to trick it...

Yes, that's completely understandable, and I figured that this was a longshot anyway. It would just be nice to give folks that I think are being incorrectly caught by this at least some idea of why they got flagged.

[Guest]

[quote name='Μichael' date='19 August 2009 - 08:32 AM' timestamp='1250631125' post='1845916']there were a few hits on his IP address. But from what I can tell, in his physical location any number of folks could end up having that as their public IP address on any given day.

Solely using an IP address to decide a lock out is a really bad idea. Quite a few ISP's use the IP at their own inbound port not the callers, also services like I am on (satellite) I have a 192.168.x.x address which is NAT'd at the ISP servers (ie one ip address is serving a whole swag of peoples). You can lock out people in bucket loads.

Really unless someone has a dedicated IP address for their local connection (which generally costs extra per month) call in IP addresses are not canonical - CNAME :)

Larry

[bfarber]

[quote name='JLogica' date='18 August 2009 - 09:44 PM' timestamp='1250646248' post='1846022']
Solely using an IP address to decide a lock out is a really bad idea. Quite a few ISP's use the IP at their own inbound port not the callers, also services like I am on (satellite) I have a 192.168.x.x address which is NAT'd at the ISP servers (ie one ip address is serving a whole swag of peoples). You can lock out people in bucket loads.

Really unless someone has a dedicated IP address for their local connection (which generally costs extra per month) call in IP addresses are not canonical - CNAME :)

Larry


If 50 accounts showed up within an hour from "x.x.x.x" would you not consider that a red flag though?

I agree, going by IP address alone can cause problems. But that's not to say IP address shouldn't be factored in.