I've been seeing the number of messages on my site - UniversityTutor.com - increase a lot lately. It looks like a lot of them are phishing emails (the same common Craigslist scam where they send you a fake money order and ask for a refund) and Google Analytics shows an unusual amount of traffic from Nigeria.<p>I have in place:
* captchas
* rate limiting per account
* geocoding the IP to block Nigeria<p>Because of the captchas I'm pretty sure humans are sending the messages (not bots). Of course the rate limiting and geocoding isn't fool proof because they can create new accounts and proxy the IP. So I am still seeing lots come through.<p>Any clever solutions to this? Thanks!<p>P.S. I'm looking into Evercookie and Panopticlick, but not sure if these are production ready yet.
How do you validate the email address? You may consider DNSBL (DNS Block List) validation which is basically a dns lookup at an rbl site like dsn.rfc-ignorant.org, zen.spamhaus.org, bl.spamcop.net.<p>Learn more at <a href="http://tinyurl.com/6ba6mq" rel="nofollow">http://tinyurl.com/6ba6mq</a>
You're not using an effective captcha
=> Confirm Human: 2 + 2 =
Consider a more powerful implementation like <a href="http://www.captcha.net/" rel="nofollow">http://www.captcha.net/</a>