Let's see how to turn Dolphin into SPAM-repellent! Ideas. Tips. Tools.

Your fresh-out-of-the-oven social network is up and running. Hosting server optimised, friends invited, initial marketing campaign launched, coffee is still hot and... TA-DA! The first member joined! Name is "Prudence", wants to "meet nice people", and... WOW! Another one! Girl again... posting in blog already... something about designer bags..? WTF!?! Before the day is out your server is bogged down by a spammers and scammers, both virtual and real. Another coffee, two hours of cleaning up, marketing campaign suspended.  Time to research and see what is to be done to prevent the next onslaught.

Dolphin The Spam Magnet

Pretty much every successful CMS is targeted by spammers as an easy target for spam automation, or at least familiar environment for click-monkeys. Spamming business requires scale to be lucrative, so they can't afford dealing with "special" sites or sites that have extensive array of anti-spam tools in place. So, let's discuss what can be done to equip your Dolphin-based social network to effectively ward off automated attacks and attract little or no attention from the evil hordes of organic bots. Dolphin already has quite a few tools in place, but they require setting up properly to be effective. We are also very keen to hear your ideas on what else we could add to the platform to further spam-proof it. 

Dolphin Antispam Tools

These are accessible via Dolphin Admin panel. Just log in to your admin and go to Tools > Antispam Tools.

DNS block lists 

Your first line of defence. Enable this tool and activate default lists.  You can look for more lists online and add them. These include known IPs of spammers, proxies, spambots, abusing countries.

URI DNS block lists 

Next, we cut off the hand that feeds them. This tool works with lists of known spam-associated domains. If such domain exists in the text, it's marked as spam. Spammers don't have as many "clients", so tracking them is a little easier. A URI DNSBL lists the domain names and IP addresses which are found in the "clickable" links contained in the body of spams, but generally not found inside legitimate messages. This antispam method scan submitted content for the urls and check them if any of them is a link to spam site. If such url detected in the text then content is not submitted. You can also add domains and URLs yourself. 

Akismet

Powerful anti-spam service for comments from Wordpress. It's free for non-commercial sites and $5/month for commercial ones. You will need to get an Akismet API key to activite it.

StopForumSpam  

Yet another blacklist service from the good people at Stop Forum Spam. You'd only need the API key to be able to add your spammers you caught to the common database. The service is free, by donation. 

Other Helpful Features

Along with dedicated anti-spam tools, Dolphin has equipped a few more "guns"

- "Nofollow" attribute for external link is automatically added

- Captcha security image to stop slow-down bots
- CSRF tokens in forms
- Protection against submitting the form with automated tools
- Email confirmation
- Members pre-approval settings
- Content pre-approval settings
- Membership levels without posting privileges
- Registration by invitation only

- Split join form (configurable using join form builder)
- Security question (configurable using join form builder)

- Also a paid join form is coming in Dolphin 7.2 soon

Just think about which options would suit your site niche without alienating legitimate members. There is a bit of legwork to be done setting it all up, but that's part of the fun of being a webmaster!

What Else?

Now let's see what else you could do to aid in the battle and also what do you think we could do to further improve Dolphin's anti-spam ammunition. 

Renaming Join Form

It's been a known trick for a while with some members reporting good success. Just renaming the join form file name seems to help a lot. 

Custom Join Form Names?

As an extension of the above trick, we could try to create "custom" names for the join form of every site. Something like "join-thisandthissite.php". This would mean that spam-bots would require specific configuration for every site. It's a tricky thing to do, so let's talk about whether you think it may be an effective option?

Paywall?

As I mentioned, we are already adding a "paid join"  feature to 7.2. The idea of Paywall is to charge a small fee for the right to publish visible content. This is 100% effective, but slows down registrations. We use a form of Paywall here on Boonex.com. Paywall must be well-communicated - you have to clearly explain to your visitors that the fee is small and is only for anti-spam purposes, in their best interest, keeps the site clean and can be refunded on request. A small $3-5 fee will do the trick, however depending on circumstances, it may be more effective to use Paywall after the free registration, in a form of paid membership levels. Please, share your ideas and vision on what would be the most effective Paywall system for Dolphin Pro?

SitePoints?

Another popular method is to require new members to gain some "points" before they can start posting public content or contacting other members. In this case you would generally allow posting some "safe" content like plain-text comments, and even that with limited amount per day. They get some points for all comments that stay published for more than a few days, or for friend-requests from other members, or posts to their profile feed by other members, etc. Just actions that hint on legitimacy of the new profile. Once certain amount of points is reached - they get upgraded. Such tool could be improved beyond anti-spam usability, but again, it's a serious system improvement that we first need to plan right, so please share your ideas. 

And what are your favourite tricks?