I work for the Atlassian team responsible for answers.atlassian.com and I want to appeal to the community for their feedback as to how we should move forward with the spam issue. I know a lot of you are frustrated by the spam on this system, and I am frustrated as well. I've been working behind the scenes to reduce this problem and recently we have had some successes. I've also heard from a few other users that the changes we have implemented are also frustrating. So, since a part of my job is to serve you, the community, I want to ask for your feedback and thoughts.
(1) We have a group of people out there in the world who post unwanted content to answers.atlassian.com. They typically abandon their accounts (even when they are not banned) after only a few minutes and a handfull of posts. These people are creating new accounts through some mechanical-turk-style method. Many of them have never been banned by other forums, based on my research. To address this part of the problem, I am working on making it harder for them to (a) create an account or (b) to interact with the community once they have an account. To do this, I have configured the system to only allow a limited number of interactions until they have earned a (relatively low) number of points.
(2) When spammers do get through the above protection, we immediately remove their content from the answers.atlassian.com system. I've created something I call "charlie-hates-spam," and this tool runs in the background continually removing spam content. This is a first version, and I need to add email filtering to filter the email notifications that frustrate many of you (including myself). I'm working on that in my 'spare time' (I also have a few other responsibilities at Atlassian, but anticipate that this will be done soon).
(3) The Atlassian Accounts system has implemented re-captcha, and I have confirmed that is working. But that only defeats most automated attacks. It does nothing to help prevent human-created accounts. In these cases, spammers hire low-cost labor, paying them to create accounts on systems like ours. So focusing on the captcha/recaptcha side of the problem probably would have very little (if any) positive effect.
(1) I want to prevent the spammers from reaching the answers.atlassian.com community both via web and email notification. But, I don't know if I want to stop them from being able to create accounts or deliver content to the system. (Disclaimer: that's just my personal desire and does not reflect on Atlassian as a whole or any other person.) I (personally) want to collect as much metadata about the spam issue and use this data to measure the problem and devise better solutions to preemptively block spammers and protect the systems I am responsible for maintaining.
(2) Given the above, this means I need to implement an email filter that blocks email notifications BEFORE they can annoy any of you out there in the Atlassian Answers community. That's coming, and I am working on it in my spare time (and probably during the next Atlassian Ship-It).
(3) Once I have accomplished the above, I want to build a means of collecting and measuring the spam issue in qualitative and quantitative terms. I then want to find a way to feed that metric data back to the Internet community to help other users of Atlassian products protect their systems. (Again, disclaimer, these are things I want to build in my spare time as a part of the Atlassian Answers community...and not as an Atlassian. In my mind, this is not just a job, it's a lifestyle.)
(1) First and foremost, I want you all to keep being awesome. There have been a few occasions where the collective wisdom of this community has helped me solve a problem here within Atlassian. Keep being awesome!
(2) Keep banning spammers! I am actually looking at this like a game, trying to beat y'all to the ban button when I see spam...and you guys almost always beat me. I want to change that. I want my "ban score" to go up and win this "game." Don't make it easy on me.
(3) Give me any ideas you have. I will put them into consideration for how to build a better "spam trap." I'm calling my little side project "Charlie Hates Spam" but I could also use a better name. Any ideas? I could also use some help finding any flaws in my logic (above). Your feedback is appreciated.
I know I've said this one before, but one thing that could help is some simple scanning of content.
We've just had a spam arrive that tries to point us to a web site - " visit:www.drweraga....... " (link removed so I don't make it worse!) If we scanned the content for links, we could then block the original posting completely. Obviously, you'd want to white-list Atlassian domains so that new users can say "Atlassian doc over at .... says" and feedback rejected links with a simple "You can't post links until your karma is high enough" message so that real users understand why they've been rejected.
Be nice if we could spot telephone numbers too...
The current filter appears to be doing a pretty good job of detecting and removing these links and content. I do still need to connect that to email content and notifications.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I thought there was some link blocking :-) Maybe this one slipped through because it didn't start with a url - there's no space between "visit:" and the actual url?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This is a probably very naive suggestion, but about making any new user's *first* post, whether it be question, comment or answer (seems to normally be question), go into a moderation queue. You (Atlassian) would be the primary moderators, but also any mid or above karma user could also hit the "OK" button.
Once they're okayed they're free to post more. Even mechanical turks would not be able to come up with a post that passes for a real Atlassian user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Oh, also, I'd love you to focus on avoiding these outbound email notification blocks... or at least notice them sooner than the several days it normally takes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
My goal is to intercept the outbound email notifications BEFORE they are sent. However, I don't want to incur the wrath of the community if I accidentally impact other notifications, so I am proceeding a bit slower than I want. However, this is the next challenge.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I want to thank everyone who has contributed feedback on this page directly and indirectly. Since this was posted, we have seen a shifting pattern in the spammers' behavior. The amount of spam that has been missed by the new tools is negligible (i.e. < 1%). If we can apply this same success rate to blocking the email notifications, we will be able to declare this first round successful. Keep the feedback coming. Each of you are my customers, and I will continue to serve you to the best of my ability from behind the scenes. --Sam
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I like all the ideas mentioned here. Maybe a mixture of things can help a lot.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Are there any patterns in the domains the spammers are using? If so, could you use that to possibly modify Jamie's moderation suggestion.
For instance:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Unfortunately, Doug, there are a lot of people who (like me when I was a customer) who use their company email to interact with vendors then use a throw-away gmail account, etc. to interact with the vendor's forum so as to avoid being spammed. I do not want to do anything that would harm those people.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.