jQuery Dev Bemoans Overwhelming Spam On Google Groups

angryrice tips a blog post by John Resig, lead developer for jQuery, about the failure of Google Groups to manage spam, declaring attempts to use it as a public discussion system "completely futile." Quoting: "The final straw was placed upon my patience with the Google Groups system a few weeks ago. Spammers are now spoofing the email addresses of existing group participants to sneak their messages through. Previously you would've seen a delightful 'FREE MOVIE DOWNLOADS' spam from 'freemovies123@gmail.com' — but now you'll see it coming from existing group users — or even the group moderators themselves. This cheat completely bypasses the moderation system since the spammers are pretending to be pre-moderated users. The Google Groups system is completely fooled. The spam message comes in claiming to be from an existing group participant — and according to the Google Groups interface there is no difference. If you click the user's name you'll be taken to a full listing of that user's posts (with the spam messages delightfully interspersed)."

Time to DIY

[clang_jangle]

Looks like a good time to learn to admin a mailing list.

Re:Time to DIY

[bruce_the_loon]

Ha ha ha ha ha ha ha

You really truly honestly believe the spammers are paying for their own bandwidth? They're riding on bot-nets and open relays costing someone else their bandwidth. Most of the spam I see on the filters at work comes from residential networks.

Re:Perhaps a new mail header?

[simcop2387]

that's the whole point of public key cryptography so yes it would work.

Google already has a solution in Labs

[Zocalo]

Google Mail has a feature in Labs whereby they identify social groups within your email contact so that if you exchange a lot of emails between a certain group of people and suddenly add a new recipient it will flag a possible problem. Surely it would be possible to apply a similar methodology to Google Groups only with the IP addresses messages originate from - send from a new IP assignment and the message gets moderated, no matter how many successful posts you've made from elsewhere.

Re:Join the 21st Century

Except forums are locked into the crappy UI of whatever forum package the admin happened to pick, whereas mailing lists let you use any email client you want.

Oh, and forums still get spam.

Report spam

[nkh]

Google Groups was a good idea with a bad implementation. Last time I checked, there was no fast way to report a spammer, you have to click 3 or 4 times and be redirected to different pages before having just one message successfully reported.

Re:Report spam

[MWojcik]

Last time I checked, there was no fast way to report a spammer, you have to click 3 or 4 times and be redirected to different pages before having just one message successfully reported.

That must have been long time ago. Now you have "report spam" link right by the thread summary (you don't have to even open the thread) and at each message that doesn't result in opening new window/following the link.

Re:Perhaps a new mail header?

[Volante3192]

An amazingly common misconception. People don't actually buy things advertised by spam. Err, [citation needed]?

Here's mine: http://arstechnica.com/web/news/2009/07/12-of-e-mail-users-try-to-buy-stuff-from-spam-e-mail.ars

Slightly less than half (48 percent) said that they have never clicked on a spam e-mail. That's the good news, but that means the other half have clicked on or responded to spam. But why? The answers will undoubtedly horrify you. A full 12 percent said that they were interested in the product or service being offered—those erection drug and mail order bride ads do reach a certain market, it appears.

Seventeen percent said that they made a mistake when they did so—understandable—but another 13 percent said they simply had no idea why they did it; they just did. Another six percent "wanted to see what would happen."

Re:Perhaps a new mail header?

The idea is that the key identifies with that particular e-mail. Signing up for "IRn0tFagg0t@gmail.com" would get you a key proving the identity of the author. Copying this key and trying to use it as "Emmanuel.Stewart@gmail.com", wouldnt fool the system at all (because it would look like it is coming from ES, but authenticating as IR).

Re:Perhaps a new mail header?

[maxume]

It's that, and also a collection of mailing lists that are not mirrored to Usenet. People interact with those mailing lists using email (the group discussed in the summary is a mailing list that is not mirrored to Usenet...).

my settings

[Deanalator]

We were having some problems with this on the wimax hacking google group.

About a month ago I set all posting options to members only (read is still public, the group is listed in the directory, and there is no moderation). I then set it so people need to request an invite to join. The signup page says "Sorry, about the inconvenience, but spam was starting to ramp up, so now users have to request membership manually. Anyone who is human is welcome, and encouraged to join."

There has been zero spam since the change.

It would be nice if there was an option to just let people solve a captcha to join the group, but until then this solution is working fine.

Block posts to Usenet via Google

[Animats]

Maybe the answer is to block posts to USENET that come in via Google. That seems to be the source of the trouble.

Looking at the newsgroup "comp.lang.python", all the spam seems to be coming in via "posting.google.com" with GMail return addresses. Bulk-created phony gmail accounts are such a source of spam that they should be blocked until Google gets their act together. At this point, we have to view GMail like Hotmail, another free email account system made useless by spammers.

Hotmail is widely blocked. Next, Gmail?

Re:Block posts to Usenet via Google

[bipbop]

I blocked gmail a couple years ago for this reason. It's annoying though, because there are a lot of legitimate gmail users who I'm blocking, but I'm willing to miss their messages in exchange for blocking a much larger number of spam messages. It sucks, but it's the least effort solution as a reader.

Also, this isn't a new problem, and it's pretty unlikely that it'll go away AFAICT. Google Groups has always been a group that Google's least competent employees work in (again AFAICT; I have no personal knowledge of them, it's just consistently been their worst product) and I'd be pretty surprised if things turned around now.

Re:Join the 21st Century

[Richard+Steiner]

Killfiles and regex-controlled score files that can both sort and enhance/block messages based on reader-defined criteria. Very very powerful, something the DOS-based SOUP reader I used to use (Yarn) did back in the early 90's, and something which I've not yet seen even roughly approximated in a web-based forum.

Folks who say that USENET is "antiquated" have no idea of its potential, or how experienced users were able to utilize it in practice.

Re:Ebarassing for group admins

[twoshortplanks]

If you RTFA, or hell, read the summary, you'll note that spammers are posting using the addresses of existing members, meaning that new-user moderation is bypassed.

Re:Question to JQuery developer, why use it?

[laffer1]

I can answer this one, time. The more time developers spend administering yet another system, the less they get actually working on their open source project.