Hello,<p>I run a service called BlueMailCentral.com. That allows you to send a letter (snail mail) from your PC to any country in the world. As a marketing instrument the first letter is free of charge, no questions asked, no payment needed. The problem I have now is that a group of people are abusing my system to send out the famous Nigerian scam mail. (I can't believe people still fall for that.)<p>Besides the fact that it is actually costing me money it also damages BlueMail’s reputation because my logo/url is on the back of the envelope containing the scam letter.<p>My problem is that I want to stop them while maintaining the low threshold for the real customers.<p>As far as I can tell they handle the registration process manually, that makes solutions like (re)capcha etc useless.<p>Any ideas/tips/suggestions ?
Ideas:<p>* One idea is to use the classic "Give us your credit card details first" approach. You allow people to create accounts but, once they go to send their first free letter, you explain that "To protect against spam, we require that you confirm your credit card details. Your card will not be charged for this letter."<p>It isn't optimal if what you want are signups but it would definitely decrease fraud.<p>* What about using an IP address filter that prevents people using proxies or IPs from certain countries (Nigeria for example) from using the free service?<p>* What about pretending to send the letters from Nigerian/certain IPs but not actually doing it? This way would allow you to see patterns: which IPs or IP blocks were abusing the service, which search terms you could automate for blocking, etc. Basically you send back a "Your letter has been sent!" response to the user but you don't actually do it.<p>* What about requiring telephone confirmation of address info?
Run a spam filter on the incoming messages, if the filter tags them suspicios, require manual review before postage.<p>Another option would be to check whether the abusers are coming from a specific IP range, and simply deny access to them.
Those are actually very good ideas. We tried credit card details but we ended up with a nice database of stolen cards. We have regular customers from Nigeria, blocking the Nigerian ISP's will also block our good customers.
But the spam filter approach might work. I'll run the data we have trough askimet to see what the hit ratio is.<p>Thanks a lot for the suggestions. I really appreciate all your input.
In my phpBB forums, I check all email addresses using the API at the website below. I'd say it eliminates about 90% of the spammers.<p><a href="http://www.stopforumspam.com/apis" rel="nofollow">http://www.stopforumspam.com/apis</a>