*WARNING* IMPORTANT MESSAGE for all people using "free email" accounts.

[uplink]

So here goes: A week or two back I was looking for alternatives to CAPTCHA. Keep the CAPTCHA (makes the site look "legit" for the Indian CAPTCHA crackers), and add something that isn't yet standard. Options:

* An extra field that says "What is 2 + 2?" and the user just has to enter 4 in the field.
* An extra field that doesn't use a hardcoded human readable question or equation, but displays it with alternative letters and digits, eg. "What is 2 plus 2?", "What is two + two?", "What is 4 times five?", "What color is a red car?", "Enter the 4rd word of this sentence".

Still thinking on options. Banning the Internet because there are spammers on it isn't an option.

[Zaerc]

Dude. Stop for a second. I don't have a "mainstream" ISP. I use whatever others throw at me. What you are saying is that I should step away from this Internet thing because I don't have an alternative e-mail address than @gmail.com

I also checked my calendar to see if it's April Fools already, and it isn't.

If anything, we should change the signup procedure to make it harder for bots. I have some ideas if you want to hear them.

Dude, I'm stopping for a whole month.  Have someone throw you a real email account while they are at it.

[uplink]

This just came to mind: Use a MD5 sum of the user's info, and ask the user to provide certain components from it. Characters in certain positions, a range o characters from the string, possibly don't give the positions in progressive order, so characters don't necessarily follow one another in the string (e.g. characters 3, 5, 2).

Have someone throw you a real email account while they are at it.

I should tell you right now that I can't get a "real" email account each time you feel like it to "update" the definition of "real email account". If I get an email with BT and the spammers move there, what then? It's suddenly not "real" enough for you so here I am shopping for the next "real for now" email address?

You may as well delete this forum if you enact this policy, 'cause you'll lose most of the real posters.

[MDH1966]

If you figure out a way to do individual exceptions to policy, I would be willing to do whatever I need to do to validate that I am not a spammer.

Thank you,

 M.

Signing up for a real email address somewhere, is that included in "willing to do whatever I need to do" by any chance?

If I could, I would.  If you have any suggestions, I would be glad to see if they are possible.  They only email accounts that I know of that I could just sign up for are hotmail, gmail, or yahoo type accounts.  The "real" email accounts that you refer to usually come from your ISP.  The only one that comes with my ISP is a Google account.  I can't get DSL, Cable, or FIOS.  I can't afford satellite.  The only other option that I know of is dial-up.  And I am not willing to pay for a dial-up account.

Willing to do anything includes going through whatever vetting process that I need to to prove that I am not a spammer. Or doing some sort of verification for each post to show that I am not a bot.

[Zaerc]

If you figure out a way to do individual exceptions to policy, I would be willing to do whatever I need to do to validate that I am not a spammer.

Thank you,

 M.

Signing up for a real email address somewhere, is that included in "willing to do whatever I need to do" by any chance?

If I could, I would.  If you have any suggestions, I would be glad to see if they are possible.  They only email accounts that I know of that I could just sign up for are hotmail, gmail, or yahoo type accounts.  The "real" email accounts that you refer to usually come from your ISP.  The only one that comes with my ISP is a Google account.  I can't get DSL, Cable, or FIOS.  I can't afford satellite.  The only other option that I know of is dial-up.  And I am not willing to pay for a dial-up account.

Willing to do anything includes going through whatever vetting process that I need to to prove that I am not a spammer. Or doing some sort of verification for each post to show that I am not a bot.

Have a look at: http://en.wikipedia.org/wiki/Comparison_of_webmail_providers, there seems to be plenty of choice.  However keep in mind that when you use a free one that domain will probably be blocked as well when it's abused by spammers.

[MDH1966]

I will look at that and see where it takes me...

Thanks for the help

[bongowongo]

Is there no way you can block all of the gmail, hotmail, yahoo accounts as planned, EXCEPT specific ones belonging to purps, brake16, davegravy etc?

My fear is as much for future participants as current participants. Highly skilled developer X hears about LinuxMCE and decides on a whim to come by the forum to ask some general questions about it. Developer X finds he needs to do extra work to get/activate a non-free email account and quickly loses interest in the project specifically because it's a stupid rule that most other projects work without. Banning free email accounts has an arguably greater cost to the project than the spam itself.

Seriously, lots of other projects manage while allowing free email accounts, what's LinuxMCE's problem?

LinuxMCE's problem is ZAERC. He has decided.

[merkur2k]

too many legitimate users do not have access to any other forms of email, and I know there are other less drastic solutions. this is unacceptable.

[MDH1966]

Zaerc,

Your original post stated, "This will start one month from now with the banning of all yahoo, gmail and hotmail related email addresses."

The list of email accounts in "http://en.wikipedia.org/wiki/Comparison_of_webmail_providers" is quite extensive and there looks to be some free or low cost options.  At least they are lower cost than changing my ISP.

At this point, are you only banning the yahoo, gmail, and hotmail addresses?  In otherwords, if I sign up with  an email provider like AOL or something else from the list that you provided, I will be good to go?

Also, if you decide to ban another provider besides the three previously stated, would you alert us and also give a chance to adjust to the new rule?

Thanks,

M.

[brake16]

I'm sorry, but are you really expecting every member to go through recaptcha for every single post they make?

How about recaptcha for every profile with less than X posts?  1 ought to be sufficient to keep out new spammers, but 3, 5, or 10 would still be reasonable if it were explained, and would block currently registered spammers.

Bryce

[purps]

Why aren't we discussing uplink's ideas? Surely the best and simplest solution?

[davegravy]

I understand there are off-the-shelf captcha systems which are available, but which are high priority for hackers because they are widely used.

If LinuxMCE had a unique captcha system it would likely not be worth a hacker's time to circumvent due to the relatively low levels of activity on the forum.

[Zaerc]

Zaerc,

Your original post stated, "This will start one month from now with the banning of all yahoo, gmail and hotmail related email addresses."

The list of email accounts in "http://en.wikipedia.org/wiki/Comparison_of_webmail_providers" is quite extensive and there looks to be some free or low cost options.  At least they are lower cost than changing my ISP.

At this point, are you only banning the yahoo, gmail, and hotmail addresses?  In otherwords, if I sign up with  an email provider like AOL or something else from the list that you provided, I will be good to go?

Also, if you decide to ban another provider besides the three previously stated, would you alert us and also give a chance to adjust to the new rule?

Thanks,

M.

Only the domains giving out free email accounts (to spammers) are at risk.  Looks like AOL hands them out for free, so that would not be a good choice unless they actually manage to keep their users from spamming, which I highly doubt.

[uplink]

Another idea: have the new user fill in redundant info, like this: type in the data in the "Name", "Location", "email address" and the number XYZ as one string, with each component separated by a semicolon in a dedicated field.

[Zaerc]

...
LinuxMCE's problem is ZAERC.
...

Getting personal now are we?  I wouldn't go there if I were you.