Lots of good stuff there. Here's a few additional thoughts based on how I have things prioritized in my mind ...
Comment Management - I fully agree this should be done soon. Comment Moderation - Personally, I would push this further down the list. My belief is that most people don't want to hassle with approving every comment on their blog, plus I think it kind of devalues a weblog when you know your comments are being audited. I also think this won't actually reduce the amount of spam a weblog gets, only the amount that ends up on the weblog. A weblog that gets spammed to death may bury a user in approval notifications. Blacklist Management - I would like to see more stats on how effective this is before agreeing to continue using it, at least for comment and trackback spam. My belief is that the Math and Captcha authenticators is really all we need for comments, and the Trackback Validator is all we need for trackbacks. Referers are harder to deal with and maybe the Blacklist is the best bet in that case. Command-line database cleanup utility - Why make it command line? Why not include it in the webapp as part of the admin toolset? Disable referer display (site-wide) - I think this is a must. I believe this should be something done in the RefererManager implemenations and should allow site owners to define how they want their referer data used. Throttling - Very cool idea, but I agree this should be at the end of the list. Comments Newsfeed - I don't see why this is better than email notification, but fine. Trackback verification - I think this is a must and should replace Comment Moderation on the definite list for Roller 2.1. I believe that trackback spam represents the overwhelming majority of the spam we get today and this seems like the best way to fight it. Referer verification - This is harder because of the performance hit. You definitely don't want to do this on every request. The verification for trackbacks is okay because trackbacks happen only seldomly, but a referer verification would happen on all requests :/ Typekey authentication - Seems like a cool idea, but I agree this should also be very near the end of the line. So that's how I see it. The only real difference being that I think Trackback Verification should be done instead of Comment Moderation, and I think the cmdline tool should be built into the webapp instead. -- Allen On Fri, 2005-10-28 at 07:09, Dave Johnson wrote: > I added some specific proposals for spam prevention/management, some > for Roller 2.1 and some for later releases: > > > <http://rollerweblogger.org/wiki/Wiki.jsp?page=Proposal_SpamPrevention> > > Each of these could/should be written up into a more detailed > proposal/design, but I'd like to get some feedback first, if possible. > > - Dave >
