I was thinking about preventing spam on websites which allow posting to by third parties, such as message boards, commentable weblogs, and so on. The solution that eventually presented itself seems, after some consideration, unbreakable, and shouldn’t inconvenience legitimate users much:
- Require registration
- but make it easy, such as by intiating the registration process when someone posts anonymously.
- Moderate registrations,
- but let users write posts before their account is approved
- without actually showing their messages until it is.
- Finally, the software should trash an unapproved account’s posts if the administrator rejects it.
As far as I can tell, there is no way around this scheme, and it ensures that no one can spam without first going to the effort of writing at least one sensible post. Spammers are not generally going to do so.
Even if the site presented such a juicy target that they did, this scheme ensures that all their spam is associated with a single name, since they must use an approved account for their posts to show up. Spam can therefore easily be removed en bulk with surgical precision.