Big Red Spamout and Barriers to Entry
June 3, 2008
Over the past few weeks, the spam folder on my Gmail account has been receiving messages more and more frequently. The great flood of spam mail culminated last Tuesday night when I received over 50 spam messages from one IP address in less than a minute. After notifying the host of the IP address via phone, I decided it was time to compile a list of IP addresses that were not welcome anymore on my website.
Since the beginning of Mike Pinkowish, my personal website, I have logged every IP address that uses the contact form. Today this came in handy when I retrieved 95 unique IP addresses from the database that I identified as spam bots abusing my contact form. I took those IPs and made a table for them in the database for quick reference.
Now, whenever a user visits my site, their IP is checked against my master list. If their IP is in violation, they are redirected to a page notifying them of their status. However, I also took into consideration the possibility that an IP originally marked as spam could be inherited by a legitimate user. To remedy this, I include secure instructions on how to notify me of the issue.
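The per-visit check described above, together with the one-IP burst mentioned earlier, as an added Python sketch that is not the site's own code. The table name `blocked_ips`, the `/blocked-notice` path, and the rule of more than 5 form posts within 60 seconds are assumptions made for illustration; the post itself picked the IPs by hand.

```python
import ipaddress
import sqlite3
from collections import defaultdict, deque

# Constructed sample of contact-form log rows: (unix_timestamp, submitter_ip).
# Addresses come from documentation ranges (RFC 5737 / RFC 3849).
FORM_LOG = (
    [(1000 + i, "203.0.113.7") for i in range(50)]        # 50 posts in 50 s
    + [(1000, "198.51.100.20"), (4600, "198.51.100.20"),  # two posts, an hour apart
       (2000, "2001:db8::1")]
)

def normalize(ip):
    """Canonical text form, so '::ffff:203.0.113.7' matches '203.0.113.7'."""
    addr = ipaddress.ip_address(ip.strip())
    mapped = getattr(addr, "ipv4_mapped", None)   # only IPv6 addresses have this
    return str(mapped) if mapped is not None else str(addr)

def find_burst_ips(rows, max_posts=5, window_s=60):
    """Return IPs with more than max_posts submissions inside window_s seconds."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for ts, ip in sorted(rows):
        ip = normalize(ip)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window_s:   # drop posts older than the window
            q.popleft()
        if len(q) > max_posts:
            flagged.add(ip)
    return flagged

def build_blocklist(db, ips):
    # Hypothetical table name; the primary key keeps each lookup an index hit.
    db.execute("CREATE TABLE IF NOT EXISTS blocked_ips (ip TEXT PRIMARY KEY)")
    db.executemany("INSERT OR IGNORE INTO blocked_ips VALUES (?)", [(i,) for i in ips])

def route_for(db, remote_addr):
    """Return the page to serve: the notice page for listed IPs, else the site."""
    try:
        ip = normalize(remote_addr)
    except ValueError:
        return "/blocked-notice"   # unparseable address: treated as blocked here
    hit = db.execute("SELECT 1 FROM blocked_ips WHERE ip = ?", (ip,)).fetchone()
    return "/blocked-notice" if hit else "/"

db = sqlite3.connect(":memory:")
build_blocklist(db, find_burst_ips(FORM_LOG))
```

Normalizing before both the insert and the lookup matters on dual-stack servers, where the same client can appear as `203.0.113.7` or as `::ffff:203.0.113.7` depending on the listening socket.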
Some people might say, “Why not use CAPTCHA to stop spam bots from sending you messages?” (An example of CAPTCHA is when you have to type in those obfuscated characters in a box before you can do something.) My response is, why punish every legitimate user who tries to contact me via the form by making them decipher hidden characters, a la Indiana Jones? Instead, I prevent every spam bot from even accessing my site, and in the very rare case that a user inherits a banned IP address, I provide a simple way to remove their IP from the blacklist. This reinforces one of my web design beliefs: Why make people jump through hoops (like requiring a username and password, or completing a CAPTCHA verification) just to do something basic? I call these “Barriers to Entry”. The more obstacles people face in doing something, the more likely they are to give up on doing it. For me, the user comes first, and it’s my responsibility to make websites that enable people to do what they want as easily as possible.
In the 6 hours since enabling my great IP block, I’ve received a total of 0 spam messages originating from the contact form on my site. While the IP ban is effective, the list will require maintenance over time as new bots join the scene. In the future, I will develop my own spam filters which block messages effectively based on their content.
-Mike