Signup abuse detection and blocking [Paid] 1.20.4
- Thread starter Xon
- Start date
That changes the designation from unknown to know.
It will appear like this in the registration log:
It's not required, just trying to address your specific issue with rejections.
As it is clearly written in the description of the add on:
This add on is complex and can (but also must) be configured to suit you individual needs (or those of your forum) and the behaviour of your users. This is an advantage as obviously needs and behavior differ between forums and obviously there is neither a "one size fits all" nor would it be possible to create a default config that fits your forum optimally. Though the possiblity of individual configuration of the patterns and their individual weight the wide number of patterns to take into account by this add on is possible at all and this is why it works so well. If you are not willing to learn what this add on does and how it works and to create your individual configuration it is simply not for you. This is not a failure of the add on or it's author.
You don't have to. You can adjust the score users with Gmail addresses will get. However: It is a bit problematic as many legitimate users do use gmail-addesses (depending from your audience) but it is clear as water that gmail along with yahoo are the mail addresses that are most used by spammers when trying to register. So it is a bit of a tough choice how to score it.
Get off your high horse. What am I not doing by asking here if its not learning.
Just to touch on this, we processed ~28,600 registrations in FY25. We found that just blocking the '.' method in gmail addresses AND the at-risk ASN's, eliminated about 98% of spammers trying to use gmail accounts. There are a couple of sites out there using gmail temp addresses like "somethingrandom+owpvo@gmail.com" and those were easy to pickup and blacklist with a filter. We don't see much Yahoo anymore these days.
We see crazy nonsense more often now that looks like this:
That particular ASN is driving a lot of trash...
In those cases, SFS does a pretty decent job of snagging them first. We did also lockout non-standard TLDs like .casino, etc.
There was a lot of attempted trash coming from them.
The default for the "Non-allowed email action" option (aka action on unknown email domain) is "none" which does nothing but log it is unknwon. Someone changed this option to "moderate".
You can either add gmail.com to the allow list so it gets registered as a known email domain and gets a score of '0' or change the "Non-allowed email action" option back to "none".
I also recommend my free option history add-on, so you've got history of when options are changed and by who. Which makes troubleshooting configuration for Signup Abuse Detection ad Blocking add-on sane.
You can either add gmail.com to the allow list so it gets registered as a known email domain and gets a score of '0' or change the "Non-allowed email action" option back to "none".
I also recommend my free option history add-on, so you've got history of when options are changed and by who. Which makes troubleshooting configuration for Signup Abuse Detection ad Blocking add-on sane.
Well, complaining, I guess. At least it reads like that. The way this add on works is pretty well described in the add on description, in the texts aside of the options in ACP and in the 50 pages of the thread you are posting to. So reading any of that could have helped. Instead you choose to complain...
...which clearly indicates you did not read any of the existing documentation and failed to understand the fundamentals about how this add on works.
Not sure if that is a good way. I've quite a few regular users that use the "+" syntax in gmail-addresses, let alone addresses with a "." in it. So I'd only use this along with an ASN score but then again is the question of how low the gmail score has to be to not end up in moderation quite regularly.
Regarding the spammers caught by that add on, especially gmail and yahoo: Today it does barely catch any spammers as they do not get until there. I am using Ozzys spaminator and this caught basically all spam registrations apart from a small hand full of manual spammers (as it is dedicated to work against bot registrations). As I blocked the IP ranges the spam bots were using and can do this more efficiently since using IP Threat Monitor via ASN and country blocking for access to any page of the forum now even the spaminator has been idling and only caught 2 attempts within the last two months.
Before that spaminator has constantly been catching bot registration attempts and most of these have been gmail and yahoo, but both w/o a special syntax in the local part, so w/o "+" etc..
Sorry, to clarify, we allow the + but block the specific prefixes that are used as temp/spam address.
So, the filters look like this:
amzhoxvzidbke+*@gmail.com*.*.*.*@gmail.comDoesn't block people that use normal iterations, but keeps the unwanted types out.
I'd have to look at the % of gmail users, but it's in the top 5 and with implemented checks, we haven't had many issues.