Slashdot Mirror

← Back to Stories (view on slashdot.org)

jQuery Dev Bemoans Overwhelming Spam On Google Groups

Posted by Soulskill on from the discount-llama-pelts dept.

angryrice tips a blog post by John Resig, lead developer for jQuery, about the failure of Google Groups to manage spam, declaring attempts to use it as a public discussion system "completely futile." Quoting: "The final straw was placed upon my patience with the Google Groups system a few weeks ago. Spammers are now spoofing the email addresses of existing group participants to sneak their messages through. Previously you would've seen a delightful 'FREE MOVIE DOWNLOADS' spam from 'freemovies123@gmail.com' — but now you'll see it coming from existing group users — or even the group moderators themselves. This cheat completely bypasses the moderation system since the spammers are pretending to be pre-moderated users. The Google Groups system is completely fooled. The spam message comes in claiming to be from an existing group participant — and according to the Google Groups interface there is no difference. If you click the user's name you'll be taken to a full listing of that user's posts (with the spam messages delightfully interspersed)."

12 of 251 comments (clear)

  1. What do you expect? by Anonymous Coward · · Score: 3, Insightful

    You get what you pay for.

  2. Finally, someone important points out the obvious! by fsterman · · Score: 4, Insightful

    Why the hell haven't they put the same spam filters that they use for Gmail on the discussion lists?

    --
    Is there anything better than clicking through Microsoft ads on Slashdot?
  3. Join the 21st Century by Horn · · Score: 4, Insightful

    Time to move away from the antiquated system of mailing lists. Web based forums are much easier to control and a far, far better way of sharing information with users. I hate coming across an otherwise useful site and then having to go to a mailing list to see what other users are talking about.

    1. Re:Join the 21st Century by John+Hasler · · Score: 4, Insightful

      > Time to move away from the antiquated system of mailing lists. Web based
      > forums are much easier to control and a far, far better way of sharing
      > information with users.

      No local control over filtering and sorting, forced to use your weird UI and editor instead of my own? "Forums" suck. And "easier to control" is not a feature.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Join the 21st Century by doconnor · · Score: 5, Insightful

      This is an issue that really bugged me. The move to web based forums from Usenet and mailing list was a giant step backwards in functionally.

      Advantages of Usenet and mailing lists over web based forums:

      The user can control the interface
      killfiles
      threading
      discussion on issues where centralized in one place rather then across multiple web forums
      better searching
      better archiving
      less bandwidth

      More advanced web forums, like Slashdot, do a better job of supporting these features, but most people still use very primitive forums.

    3. Re:Join the 21st Century by Richard+Steiner · · Score: 3, Insightful

      USENET has always been far more than a "mailing list", and I could do things to control/filter/sort messages to my liking with Yarn and slrn that I can't even touch with the web-based forum software I've seen (and I've seen a lot of it).

      I really wish web-based forum software would catch up. Even USENET in the early 90's far surpassed it in many respects. Most web forums are nice for posting pictures, but horrible in terms of threading and controlling what actually shows up in your reading list.

      --
      Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
      The Theorem Theorem: If If, Then Then.
  4. Google Beta by slack_justyb · · Score: 5, Insightful

    I see a lot of Google's products needing the oh so familiar Beta label again.
    Seriously, Google's offering is not without it's serious drawbacks, and I suspect that the good stuff is to be had from actual paid services. However, this kind of letting crap slip where people can spoof the name of a valid member is a serious Alpha quality flaw. What's the point of identifying anyone, if everyone can pretend to be everyone else? I mean that is the actually concept of identity, to uniquely label something as different as other things.
    I think Google is trying to take on more than it can handle and it is beginning to really show now that they've removed the excuse of "Beta".

  5. Re:Perhaps a new mail header? by Straker+Skunk · · Score: 3, Insightful

    PGP/GPG is overkill. Just drop messages that fail an SPF check. Spoofing is part of the problem here, and SPF was tailor-made to address spoofing.

    If you do use PGP/GPG, you don't need an extra header for the signature; it's usually added as a small attachment, and better mail clients already pick up on that for verification.

    --
    iSKUNK!
  6. Re:Time to DIY by Rude+Turnip · · Score: 3, Insightful

    1. Spam is theft of service.
    2. Spam is theft of service.
    3. The spam in Google Groups absolutely ruins many groups because the boards are inundated with spam to the point that a real message is like a needle in a haystack. The stock discussion boards have gone to hell in the last few months.

    --
    Bill Clinton: Pimp we can believe in. - The Shirt!!!
  7. Re:Finally, someone important points out the obvio by DerekLyons · · Score: 4, Insightful

    At the very least it should hide the messages from me that I mark as spam. But no, it doesn't even remember which messages I've marked as spam from login to login. They've just dropped the ball for some reason.

    The reason, at least to me, seems abundantly clear: Google has the attention span of a three year old. They fixate heavily on something for a while... then their attention drifts and they are off to the next shiny thing. They've got a lot of products, but no clear vision or effective management.

  8. Re:What's the problem again? by clone53421 · · Score: 3, Insightful

    Why don't you just sign your messages and verify based on signature, rather than something completely meaningless like email-address?

    And once again: Why the hell does google not sign all messages which pass through gmail as "really did come from this address"?

    (x) technical ( ) legislative ( ) market-based ( ) vigilante
    (x) Requires immediate total cooperation from everybody at once
    (x) Lack of centrally controlling authority for email
    (x) Why should we have to trust you and your servers?     (I'm using the short-form.)

    What I mean to say is, you don't have to have a Gmail account to be a member of a Google Group. Your approach might keep people from spoofing Gmail addresses and be completely painless for Gmail users, but non-Gmail users would have to manually configure their mail clients to digitally sign their messages and some (web-based) e-mail clients might not even support this.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  9. Re:Time to DIY by sbeckstead · · Score: 3, Insightful

    Ooh Ooh is spam theft the same way illegal copying of copyrighted materials is theft? I can't wait to see the argument on this one!

    --
    Why bother