[OpenFontLibrary] OpenID = Let the spam roll in like crazy.

[Ed Trager]

Hi, Dave and Everyone,

Spammers have become a seriously problem for web sites of all stripes
and sizes.  Note especially that the big sites like Google, Yahoo,
MySpace, and Facebook have tons of spam accounts because they are, by
definition, sites that allow everyone to sign up for an account.
Those sites have millions of valid users -- and a presumably a
proportionate fraction of spam accounts too.

So this just means we will have to carefully consider how to address
this issue.

As far as I remember, the "file upload" code that I had developed and
handed over to Ben for the OFLB beta does some checks to see if the
font files included in a zip package are really font files (as opposed
to trojan files that happened to be named with ".TTF" or the like).

In light of Fontfreedom's comment, it will be worthwhile to revisit
that code and see whether additional rigor and vigilance is required
before going live.  This is certainly an important part of what we can
do to avoid spammer activity.

The fact that OpenId is attacked by spammers does not necessarily mean
that OpenId is at fault or an inappropriate choice.  I think most of
us will agree that it is still worthwhile to use Google or Facebook
services even though those sites suffer from orders of magnitude more
spam accounts than smaller sites.

So I'm personally not yet ready to discount the possible value of
using OpenId as a login service.  A further investigation of the
merits --or lack thereof-- is required.

Best - Ed

On Wed, Mar 10, 2010 at 4:49 AM, Dave Crossland <dave at lab6.com> wrote:
> On 9 March 2010 21:57,  <Fontfreedom at aol.com> wrote:
>> OpenID = Let the spam roll in like crazy.
>>
>> I've used it on my sites b4...I do drupal dev, and that's just it...
>
> Okay cool. How do you block spam?
>