

Ask HN: How to stop leachers abusing our site - colin-de-vries

Hello,<p>I run a service called BlueMailCentral.com. That allows you to send a letter (snail mail) from your PC to any country in the world. As a marketing instrument the first letter is free of charge, no questions asked, no payment needed. The problem I have now is that a group of people are abusing my system to send out the famous Nigerian scam mail. (I can't believe people still fall for that.)<p>Besides the fact that it is actually costing me money it also damages BlueMail’s reputation because my logo/url is on the back of the envelope containing the scam letter.<p>My problem is that I want to stop them while maintaining the low threshold for the real customers.<p>As far as I can tell they handle the registration process manually, that makes solutions like (re)capcha etc useless.<p>Any ideas/tips/suggestions ?
======
ScottWhigham
Ideas:

* One idea is to use the classic "Give us your credit card details first" approach. You allow people to create accounts but, once they go to send their first free letter, you explain that "To protect against spam, we require that you confirm your credit card details. Your card will not be charged for this letter."

It isn't optimal if what you want are signups but it would definitely decrease
fraud.

* What about using an IP address filter that prevents people using proxies or IPs from certain countries (Nigeria for example) from using the free service?

* What about pretending to send the letters from Nigerian/certain IPs but not actually doing it? This way would allow you to see patterns: which IPs or IP blocks were abusing the service, which search terms you could automate for blocking, etc. Basically you send back a "Your letter has been sent!" response to the user but you don't actually do it.

* What about requiring telephone confirmation of address info?

------
madhouse
Run a spam filter on the incoming messages, if the filter tags them suspicios,
require manual review before postage.

Another option would be to check whether the abusers are coming from a
specific IP range, and simply deny access to them.

~~~
ScottWhigham
Interesting idea. What about the expectation of privacy that a submitter might
have though? Sort of creeps me out a bit to think that humans might be reading
(and judging) my letters.

~~~
madhouse
Someone, somewhere will read it anyway.

With a carefully calibrated spam filter, one could even make it so that no
human interaction is needed: when the filter tags the message as spam, it
tells that to the user. He can then contact the site administrator if he feels
the software is at fault.

Privacy preserved.

------
colin-de-vries
Those are actually very good ideas. We tried credit card details but we ended
up with a nice database of stolen cards. We have regular customers from
Nigeria, blocking the Nigerian ISP's will also block our good customers. But
the spam filter approach might work. I'll run the data we have trough askimet
to see what the hit ratio is.

Thanks a lot for the suggestions. I really appreciate all your input.

------
singer
In my phpBB forums, I check all email addresses using the API at the website
below. I'd say it eliminates about 90% of the spammers.

<http://www.stopforumspam.com/apis>

