Google Groups Spam Uprising – Securing your list

Posted by jeremyclarke on September 9, 2008 · General · GlobalVoices

Global Voices uses a lot of email lists to communicate, in fact as time goes on we realized that if anything Global Voices IS just a bunch of mailing lists. Yeah the product is a giant journalism website, but without the mailing lists there would be no posts. Just for fun here’s a graphic illustrating the detail with which we organize our mailing list communications:

gv mailing list graphic - small

(graphic by Solana Larsen, click to see bigger version)

Most of those lists run on the Google Groups service, which like everything Big Gee does is simple, elegant and feature rich, epecially in how it presents archives on the web in case you don’t keep them in your mailbox. It lets us keep using the fairly-archaic but very effective email list structure while also giving us the same opportunities as say a web-based forum or Drupal community.

Google Groups SPAM and how to stop it
In the last few days a lot of our extra groups have started getting spammed by sham user accounts that join your group and post about puffy nipples and see-through tops, something that never happened before. It seems that Google uses a captcha (“type in the letters to prove your a human”) to stop such spam accounts that used to work, but now the spammers have managed to solve it using robots and thus create all the accounts they want. (here’s an article about it with an annoying ad before you can read it)

So far it seems that only open-membership groups are effected, so if your group is invite only or you moderate your posts you shouldn’t have too many real problems. That said, at Global Voices we’re discovering that some of our open groups used to feel closed, and need to be secured now that the spam has started.

If you run a google group, log into the admin interface by going to groups.google.com and choosing your list, then go to GROUP SETTINGS > ACCESS (access is a tab at the top) and check the following settings:

  • Who can join? : If your group is small/exclusive enough then you might want to set this to “People can request an invitation to join”, that way you get an email before they join and you can check their posting history to see if they look like spammers. Each Google Groups user has a profile, and the spambots show their colors with the obviousness of their previous postings to other random groups.
  • Who can post messages? : If you are only using your list to send messages out and don’t actually have disucussions, set this to “Managers only”. It should definitely be set at least to Members only.
  • Message moderation: Choosing the “Messages from new members are moderated” option should help stop spammers. Unless you approve every new user account (time consuming and frustrating for users) the spambots will be able to create accounts, but in my experience so far they always post right away with some sex spam, so if you moderate just the new messages from each member you’ll avoid anyone else seeing the spam.
  • Save Settings: Dont’ forget to save!

I’ll try to update this post if my advice turns out not to work. Any other advice about securing GGroups from this stuff without completely locking them down is very welcome!

Posted by jeremyclarke on September 9, 2008 · General · GlobalVoices

1 Comment

  1. Peileppe

    That spam attack wave still affects some google groups – those with low activity – so still need to be cautious when opening url there !!

    November 29th, 2008 at 7:43 am

Add new comment (email only seen by Jeremy)