jQuery Dev Bemoans Overwhelming Spam On Google Groups

angryrice tips a blog post by John Resig, lead developer for jQuery, about the failure of Google Groups to manage spam, declaring attempts to use it as a public discussion system "completely futile." Quoting: "The final straw was placed upon my patience with the Google Groups system a few weeks ago. Spammers are now spoofing the email addresses of existing group participants to sneak their messages through. Previously you would've seen a delightful 'FREE MOVIE DOWNLOADS' spam from 'freemovies123@gmail.com' — but now you'll see it coming from existing group users — or even the group moderators themselves. This cheat completely bypasses the moderation system since the spammers are pretending to be pre-moderated users. The Google Groups system is completely fooled. The spam message comes in claiming to be from an existing group participant — and according to the Google Groups interface there is no difference. If you click the user's name you'll be taken to a full listing of that user's posts (with the spam messages delightfully interspersed)."

Tragedy of the Commons

[oldspewey]

I used to be an avid newsgroup participant way back in the day. The flamewars were legendary, and the amount of technical information exchanged on some of those groups was beyond description.

If there were a way to use spammers for fuel, I'd have no qualms solving our energy woes that way ...

Time to bring back the cancelbots?

[argent]

If this is a Usenet group that Google Groups is just providing an interface to, I guess it's time to bring back the cancelbots. UDP against Google. It's come close before.

If this is one of the Google Groups that's a web forum, then they need to require that you actually log in before posting.

Ebarassing for group admins

[Morris+Thorpe]

I created and admin a Google group for my son's high school team. We have coaches about 120 parents in the group.

Even though it's a pain in the ass, I chose to moderate messages for new members. Still, spam gets through. As the group's admin, it's embarrassing to see graphic messages and know that all the parent's on my kid's team are seeing it. Also, moderation means that some messages may not get through in a timely manner.

I'm looking to migrate the group to an alternative now.

Re:Perhaps a new mail header?

[_Shad0w_]

If a spammer can easily spoof a legitimate user's cryptographic signature on a given block of text I would be very surprised. The only practical way that could happen would be if the user's private key was compromised - if that's the case you just issue a revocation certificate for the compromised key.

Requiring users to sign up using their public key and then requiring all posts to be signed isn't completely ridiculous. It may be a OTT for most groups and possibly beyond the ken of a lot of users, but it could be done. You would just have to parse the all incoming mail to make sure they had a valid signature and that the signature was made using a key that matched a register group member. Although I couldn't comment on how much processing overhead that would create.

Re:Finally, someone important points out the obvio

[baxissimo]

Google Groups serves as a face to Usenet, yes, but it also advertises itself as a place to create new groups which are hosted by Google, as an alternative to setting up your own mailing list. I suspect the jQuery folks are using a Google hosted group. The spam situation is indeed ridiculous, and Google could indeed do something about it. They even have "report spam" buttons on all the messages, but so far as I can tell clicking on those buttons has no effect. At the very least it should hide the messages from me that I mark as spam. But no, it doesn't even remember which messages I've marked as spam from login to login. They've just dropped the ball for some reason.

Is there a reason to keep archives private?

[tetranz]

This is more to do with Yahoo Groups than Google Groups but they seem similar. Recently I've joined several Yahoo Groups about specialized ham radio topics. Nearly all of them keep their archives private. I have apply to join (basically push a button and say who I am) and then wait for approval from the admin. Once approved I can read the archives and also post. Posting from members is usually unmoderated. It's painless enough but still very frustrating when I'm just searching around for information and a quick look at the archives is probably all I want.

I don't mind having to join if I want to post but do they achieve anything by keeping the archives private? Yahoo obscure the email addresses so spammers' 'bots are not going to get much from them. I've asked several admins "why do you keep the archives private?" and have not received a convincing answer. It usually goes something like "I understand your frustration but we have a lot of trouble with spam" and sometimes goes on to imply what a silly question I asked. Well ... I still don't see how keeping the archives private helps to reduce spam. I haven't been a group admin so maybe I'm missing something.

I can understand keeping archives private or non-existent for a group on a personal or private subject but that doesn't apply to these groups.

My guess is that this is Yahoo's default setting when a group is created and few admins really think about it. Of course Yahoo want as many people as possible to join.