Fighting spam: Spam-free guest book
The ultima ratio against unwanted comments
Sooner or later you are going to encounter the problem that a spammer actually
succeeds in bypassing your security measures, and a spammy message shows up in
your guest book. This might seem insignificant considering the amount of spam
actuallly being sorted out, but that nevertheless is annoying. However,
successfully publicizing implies a sense of achievement for the spammer, and
that's something to be prevented.
You should therefore arrange for an option to have a new entry not just show up
in your guest book, but that instead offers you the opportunity to review it.
This gives you the opportunity to discard unwanted entries before anyone gets
to see them as well as adjust your filters so that this type of entries isn't
accepted any more. This may not entirely stop those attempts to spam, but none
of them are going to be met with success, because you can dispose of them
beforehand.
It's not just spam that's a problem!
There are a lot more messages that better shouldn't show up in your guest book,
for example bawdy or insulting comments, slander, defamation, or even messages
of a revolutionizing or villainizing nature. This list could be continued.
As different the purpose of these messages may be, they all have in common that
they are unsolicited and potentially could get you, the operator of the guest
book they are appearing in, into trouble, be it because of action for
injunction, other civil claims or even up to a demand for a penalty in extreme
cases. This alone is a substantial reason to decidedly crack down on nonsense
like this and review any entries before publicizing them in the first place
helps get you out of harm's way.
Help from the community
After all, you cannot constantly keep an eye on your server and therefore on
your guest book. Just in case something slips past the radar, you can offer a
link for each entry in yiur guest book that enables your users to notify about
potential problems. If such a link is triggered, the only thing you have to do
is set a flag in the respective entry and have a notification sent to you by
e-mail if desired. That way you get to know very quickly whether there is
anything objectionable and can then determine if you can clear the flag, because
the contribution proves to be benign, or instead hide or even delete it.
In the latter case it won't be displayed any more after either action, but
merely hiding an entry can secure important evidence if worse comes to worst,
in case problems actually do occur. In this case you should also retain some
additional information in the contribution which definitely should include the
point of time of creation and the author's IP address. This allows for
determining the originator of a message providing he doesn't use an
anonymization service.
Unfortunately using an anonymization service can devalue this evidence, because
the author cannot be determined by means of the IP address. In this case you
should provide an option to block access if someone uses an anonymization
service for accessing your guest book. This, however, doesn't have to be done
if you authenticate the author of the message by confirmation mail.
Tor,
for example, offers a publicly available list of all of its exit nodes which you
can use to check the IP address for rejecting connections if necessary.