Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

How does the community believe we should address the Spam issue?

I work for the Atlassian team responsible for and I want to appeal to the community for their feedback as to how we should move forward with the spam issue.  I know a lot of you are frustrated by the spam on this system, and I am frustrated as well.  I've been working behind the scenes to reduce this problem and recently we have had some successes.  I've also heard from a few other users that the changes we have implemented are also frustrating.  So, since a part of my job is to serve you, the community, I want to ask for your feedback and thoughts.

Here are the facts, as I see them...

(1) We have a group of people out there in the world who post unwanted content to  They typically abandon their accounts (even when they are not banned) after only a few minutes and a handfull of posts.  These people are creating new accounts through some mechanical-turk-style method.  Many of them have never been banned by other forums, based on my research.  To address this part of the problem, I am working on making it harder for them to (a) create an account or (b) to interact with the community once they have an account.  To do this, I have configured the system to only allow a limited number of interactions until they have earned a (relatively low) number of points.

(2) When spammers do get through the above protection, we immediately remove their content from the system.  I've created something I call "charlie-hates-spam," and this tool runs in the background continually removing spam content.  This is a first version, and I need to add email filtering to filter the email notifications that frustrate many of you (including myself).  I'm working on that in my 'spare time' (I also have a few other responsibilities at Atlassian, but anticipate that this will be done soon).

(3) The Atlassian Accounts system has implemented re-captcha, and I have confirmed that is working.  But that only defeats most automated attacks.  It does nothing to help prevent human-created accounts.  In these cases, spammers hire low-cost labor, paying them to create accounts on systems like ours.  So focusing on the captcha/recaptcha side of the problem probably would have very little (if any) positive effect.


Here's what I want to do...

(1) I want to prevent the spammers from reaching the community both via web and email notification.  But, I don't know if I want to stop them from being able to create accounts or deliver content to the system.  (Disclaimer: that's just my personal desire and does not reflect on Atlassian as a whole or any other person.)  I (personally) want to collect as much metadata about the spam issue and use this data to measure the problem and devise better solutions to preemptively block spammers and protect the systems I am responsible for maintaining.

(2) Given the above, this means I need to implement an email filter that blocks email notifications BEFORE they can annoy any of you out there in the Atlassian Answers community.  That's coming, and I am working on it in my spare time (and probably during the next Atlassian Ship-It).  

(3) Once I have accomplished the above, I want to build a means of collecting and measuring the spam issue in qualitative and quantitative terms.  I then want to find a way to feed that metric data back to the Internet community to help other users of Atlassian products protect their systems.  (Again, disclaimer, these are things I want to build in my spare time as a part of the Atlassian Answers community...and not as an Atlassian.  In my mind, this is not just a job, it's a lifestyle.)


What do I need from the Answers Community?

(1) First and foremost, I want you all to keep being awesome.  There have been a few occasions where the collective wisdom of this community has helped me solve a problem here within Atlassian.  Keep being awesome!

(2) Keep banning spammers!  I am actually looking at this like a game, trying to beat y'all to the ban button when I see spam...and you guys almost always beat me.  I want to change that.  I want my "ban score" to go up and win this "game."   Don't make it easy on me. wink

(3) Give me any ideas you have.  I will put them into consideration for how to build a better "spam trap."  I'm calling my little side project "Charlie Hates Spam" but I could also use a better name.  Any ideas?  I could also use some help finding any flaws in my logic (above).  Your feedback is appreciated.

5 answers

1 vote

I know I've said this one before, but one thing that could help is some simple scanning of content.

We've just had a spam arrive that tries to point us to a web site - " visit:www.drweraga....... " (link removed so I don't make it worse!)   If we scanned the content for links, we could then block the original posting completely.  Obviously, you'd want to white-list Atlassian domains so that new users can say "Atlassian doc over at .... says" and feedback rejected links with a simple "You can't post links until your karma is high enough" message so that real users understand why they've been rejected.

Be nice if we could spot telephone numbers too...

The current filter appears to be doing a pretty good job of detecting and removing these links and content. I do still need to connect that to email content and notifications.

I thought there was some link blocking :-) Maybe this one slipped through because it didn't start with a url - there's no space between "visit:" and the actual url?

This is a probably very naive suggestion, but about making any new user's *first* post, whether it be question, comment or answer (seems to normally be question), go into a moderation queue. You (Atlassian) would be the primary moderators, but also any mid or above karma user could also hit the "OK" button.

Once they're okayed they're free to post more. Even mechanical turks would not be able to come up with a post that passes for a real Atlassian user.

Oh, also, I'd love you to focus on avoiding these outbound email notification blocks... or at least notice them sooner than the several days it normally takes.

My goal is to intercept the outbound email notifications BEFORE they are sent. However, I don't want to incur the wrath of the community if I accidentally impact other notifications, so I am proceeding a bit slower than I want. However, this is the next challenge.

I want to thank everyone who has contributed feedback on this page directly and indirectly. Since this was posted, we have seen a shifting pattern in the spammers' behavior. The amount of spam that has been missed by the new tools is negligible (i.e. < 1%). If we can apply this same success rate to blocking the email notifications, we will be able to declare this first round successful. Keep the feedback coming. Each of you are my customers, and I will continue to serve you to the best of my ability from behind the scenes. --Sam

I like all the ideas mentioned here. Maybe a mixture of things can help a lot.

  1. Prevent robots
    1. Captcha - already done
    2. Verification code in email - one more step to ensure robots are not easily signing up
  2. Content Verification/Scanning - For humans who get past Step 1
    1. Scan the content and ask captcha for doubtful content. Human will overcome this too but too much trouble I guess?
    2. Whitelist/Blacklist domains, words etc. This is hard but things will be better in the long run I guess?
    3. Do the above ONLY for the initial N posts. Once the user has enough Karma or have posted a few good posts, it is safe to assume that they are not going to post Spam.

Are there any patterns in the domains the spammers are using? If so, could you use that to possibly modify Jamie's moderation suggestion.

For instance:

  1. First time posters in any domain which matches an existing Atlassian registered customer email address domain could bypass the moderation. (common domains like gmail might be a challenge here.)
  2. First time posters from high spam generating domains could be moderated, others not moderated.

Unfortunately, Doug, there are a lot of people who (like me when I was a customer) who use their company email to interact with vendors then use a throw-away gmail account, etc. to interact with the vendor's forum so as to avoid being spammed. I do not want to do anything that would harm those people.

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you