spam

Post-Mollom, what are the best options for preventing spam for Drupal?

Mollom End of Life Announcement from their homepage

Earlier this month, Mollom was officially discontinued. If you still have the Mollom module installed on some of your Drupal sites, form submissions that were previously protected by Mollom will behave as if Mollom was offline completely, meaning any spam Mollom would've prevented will be passed through.

For many Drupal sites, especially smaller sites that deal mostly with bot spam, there are a number of great modules that will help prevent 90% or more of all spam submissions, for example:

reCAPTCHAs are easier to read—but they're still a bad idea

From the article reCAPTCHAs are finally readable by normal humans:

Google today announced that reCAPTCHAs served up to humans are finally readable without the need to squint your eyes or bang your keyboard in frustration after typing the wrong sequence of letters five times in a row. Who can even read those things, amirite?

I'm glad Google is making CAPTCHAs easier for humans to read. For the very, very rare times when they're necessary, that's a good thing.

However, I want to make an appeal to the thousands of developers who are thinking of implementing a CAPTCHA to deal with their site's form/registration spam: use CAPTCHAs only as a last resort.

CAPTCHAs - the Nuclear Form Spam Prevention Technique
CAPTCHAs: The nuclear option.

Mobile Phone SMS Spam Can be Expensive

I recently started receiving spam (unsolicited) text messages on my iPhone. I first received one on New Year's Eve, at 8:31 p.m., and then again at 5:00 a.m. a few days later (nice wakeup call... thanks).

These messages were all from some company named 'GagaCell', which didn't turn up many good search results (most were about Lady Gaga, and I'm pretty sure she doesn't harass people with text messages—just her music and lack of style.

GagaCell IQ Spam Text Message

After some online research, I discovered that many people, even after sending STOP to these shortcodes, end up with monthly charges on their cell phone bills. Since I watch my bill pretty closely, I noticed that, all the sudden, I was getting a $9.99 subscription from 'BULLROARE', a content provider I'd never heard of, from short code 31850 (The subscription name was 'IQ32CALL8668611606').

User-friendly spam prevention for your Drupal site

...such is the title of my session proposal for DrupalCon Denver 2012. I'm aiming the presentation at beginners, but it should be helpful for anyone with a Drupal site that has fought the battle with spammers—and lost.

Preventing form spam chart

Since I've had experience building and maintaining a variety of sites, from small blogs with a few posts a week, to large community sites with hundreds of posts and user accounts created per day, I figured I would try to share some of my experiences and what worked and what didn't. I hope to talk about the importance of keeping your site's user experience (UX) first, while still fighting off spammers, and then speaking about particular use cases and solutions.

Preventing Form Spam

Spam email folder - Gmail interface

There are many different techniques for preventing form spam on your website, and an important component of the battle against spam is your constant struggle between giving your 'real' users a good experience while preventing spammers and automated bots from spamming you and lowering the quality of the content on your website.

A Constant User-Experience Battle

Usually, the first thing someone will do after having trouble fighting spammers by manual comment/content moderation is place a complex CAPTCHA system on their forms. Something like this:

Spam CAPTCHA text difficult to read