My Email is my Passport; Verify Me

SparkFun is taking steps to ensure that our user community is a safe space. That means we need to make a few changes.

Favorited Favorite 0

SparkFun is taking steps to ensure that our user community is a safe space. That means we need to make a few changes.

Recently a lot of our commenters have been frustrated by one of our latest changes to SparkFun's commenting website. We are asking our user community to verify their email addresses before we let them comment. While this is an inconvenience for our customers, it is a pretty important step for SparkFun. We want to try and make SparkFun a safe place for everyone to come out and play. This includes our blog platform. We want to have a conversation with our user community, which means the community needs to have valid email address.

Verify Me!

We are trying to stop spambots. While this isn’t a perfect solution, it is a road block. We want to make it just a little harder for the bots to think we are a solid forum for spamming. That being said, we don’t want it to be too hard for you, our loyal reads and customers either. This balance is what we are trying to strike.

No one wants spam

Curse you, spambots.

Also, we might not stop at valid email addresses on comments. There are tools at our disposal; how we use them affects you and we are aware of that.

Moving forward, we’ll probably make validating your email address one of our steps in the account creation process. We haven’t implemented this yet, in an attempt to get it right. We still want customers coming in and checking out while creating a new account. We are working through all of these steps now. Everyone already registered is going through the process of validating email address as you comment around our blog platform. Soon new users will most likely need to validate email addresses to create accounts.

SparkFun had a Captcha system for a while. It was disabled when enough people complained it was hindering their shopping experience, but that was before we had a guest checkout system that allowed purchasing without registration. Implementing Captcha again is on the table and being discussed.

Verify today and join the conversation

Running a modern E-Commerce website is a complicated collection of trade-offs. SparkFun is committed to creating an environment that is welcoming to customers of all types, but we also have to do it in a way that is responsible for our team. SparkFun is working to make the right decisions. As we slowly implement new features we want to keep our user base informed. As we implement these features please let us know what you think. Validate your email address today and speak your mind. We’re listening!


Comments 36 comments

  • RobertEly / about 9 years ago / 7

    This post references the movie Sneakers (1992): http://www.imdb.com/title/tt0105435/

    No, It's not available for stream on Netflix, but it's well worth tracking down a copy.

    • The Doctor Doge / about 9 years ago / 2

      Wow... a good hacker movie! Loved it!

    • laserhawk64 / about 9 years ago / 1

      You get aaaaaaaaallll the fun stuff...

      ;)

      Great movie!

    • Double M / about 9 years ago / 1

      I love 'Sneakers', I can still remember buying it on DVD to take to my college math club's movie night.
      I saw 'Sneakers' at a very impressionable age. I think it is why I wanted to go into pen testing and red team. Basically, reverse engineering security systems has always been a passion of mine, this is probably why.

    • North Alabama PC / about 9 years ago / 1

      Yep, great movie!

  • Erik-Sparkfun / about 9 years ago / 4

    For the record, we also already have a comment filter in place where we essentially just enter a regex for certain words/whatever. Took us forever to figure out how they got through said filters before we realized they inserted non-printing characters in the middle of URLs and stuff, leading to beautiful regexes.

    I was going to paste one of them in here before I realized it would be filtered out by one of the other regexes and this comment wouldn't show up. :)

    • 172pilot / about 9 years ago / 1

      Couldn't you just normalize the comment text and remove the non-printable characters before letting the post go in anyway? To me, I'd think if someone is posting non-printable characters, I can't think of any reason that would be a necessary feature to allow..

      • Erik-Sparkfun / about 9 years ago / 1

        Sure, that's definitely one of many solutions we could use. This obviously happened after we had already implemented a filter feature, though, and truth be told, we have a looooooong list of other features that our time is better spent working on. :)

  • XLT_Frank / about 9 years ago / 3

    To deal with spammers and server load have you considered using the four different available lists from https://www.projecthoneypot.org/ to input into your firewall or reject at the httpd? This saves bandwidth and server load as the crawlers cannot request resources. When I used to run some webservers, this was a huge performance increase.

  • kabram / about 9 years ago / 2

    I have to ask - why do you need those who have placed multiple orders in the past to still verify email addresses? It would have been a touch of class to allow users who have placed orders to be "pre-verified."

    • Double M / about 9 years ago / 1

      We had discussions about pre-verifying a bulk of users. We decided that there was some benefit in having everyone verify their email address, even if they had just recently places some orders. It was also much easier to implement this way.

  • archaeo / about 9 years ago / 2

    Sparkfun's dedication to quality is admirable. Going through a quick verification process is no big deal to me, I'm sure most others feel the similarly.

    I particularly appreciate the time taken to write up the decision process. I think it's really interesting to see how these kinds of things are handled. Transparency is awesome!

    • Double M / about 9 years ago / 1

      Transparency is going to keep being our default setting. I'm glad the road block wasn't too much for you. Looking forward to more interactions about more of my decisions.

  • Valen / about 9 years ago / 1

    SparkFun is taking steps to ensure that our user community is a safe space. That means we need to make a few changes.

    And then the irony of it that you forgot to renew the forum.sparkfun.com certificate. Shame on you. ;)

  • Rodney B. / about 9 years ago / 1

    I am more than happy to verify my email address because I love this website. Now if we could just get another dumpster dive I'd be happy. :-P

  • rdnetto / about 9 years ago / 1

    It seems to me that a really easy way to detect spam would be to hash all comments, so that you could easily detect if a comment had been posted before. If the no. of instances of a comment exceeds a certain threshold, flag all instances (both past and future) as spam.

    Combined with traditional approaches (and maybe some human oversight for the more borderline cases), this could be really effective.

    • Double M / about 9 years ago / 1

      As Erik-Sparkfun pointed out, blocking the url was took hard because of junk characters, we'd have to leverage that would ignore non-printable characters. it would be too easy for the bots to figure out what we were doing and just develop a system for insuring the posts were different enough to get through. We decided to do the pre-auth regex instead.

  • How about an additional step of requiring an actual user name to be entered for account creation? The generic Member#xxxxxx format is really easy for spambots isn't it?

    Maybe limit accounts to not be able to comment until they have entered a user name...one more hoop to jump through. Trivial for humans...

    Also you could enforce a user pic as well, more cumbersome, but not super hard

    • phalanx / about 9 years ago / 2

      Believe it or not, that barely slows them down. On the Sparkfun forums you need to solve a captcha that involves you doing a menial task like dragging "food items" into the refrigerator. This eliminates most spam but daily I still see several spammers attempting to post which means a human is involved somewhere in the loop. Since the traffic in the forums isn't as high as on the main Sparkfun site, we've chosen to moderate the first post of all new users. 99/100 times the spammer will get right to business and their first spam post is caught and we can ban the account. Once in a blue moon they play the game long enough to get normal access to the board and then start spamming. The user base is pretty diligent at finding and reporting it so it can be dealt with quickly. Overall I'm pretty happy that the normal user on the forum will see no spam in their daily surfing of the board.

      • Double M / about 9 years ago / 2

        Echoing Erik-Sparkfun, Thank Phalanx, you do great work on the forums.

      • Erik-Sparkfun / about 9 years ago / 2

        Speaking of which, thank you for all the work you do on the forums! It's very much appreciated.

    • l0gikG8 / about 9 years ago * / 2

      How about the account needs to have successfully bought something before being able to comment? I'd like to see Sparkfun posts from only legitimate Sparkfun customers. Or alternatively give me a way to filter the comments of the accounts that have never bought anything.

      • Erik-Sparkfun / about 9 years ago / 2

        While sales obviously drive our business (please buy all the things from us!), we want our community to include those who are only just starting to learn and aren't necessarily ready to buy stuff yet (and who may never buy from us, for that matter). Then there are those who choose to purchase our parts through our distributor network to avoid expensive shipping and customs fees, and the ones who get things gifted to them.

        I'd rather a person who gets gifted a part can tell there's a problem with a datasheet through the comments, than making them jump through hoops to get to the responsible engineer's attention.

    • Madbodger / about 9 years ago / 1

      Another drawback of that approach is the spammers will chew through the namespace, taking possible names away from real users (assuming that user names are not allowed to be re-used).

      • Double M / about 9 years ago / 1

        user names are unique, which is why I couldn't use 'Timm' someone else had it already.

  • esm / about 9 years ago / 1

    If this sort of topic is up your alley (community and spam management, harassment and abuse issues, etc), I highly recommend Sarah Jeong's recent book The Internet of Garbage. It's a very quick read, and a great summary of the state of spam and abuse management in online communities today, and thoughts on the future.

    • Double M / about 9 years ago / 2

      We have an unofficial book club here at SparkFun, I'll see if I can get Nate to buy a few copies. Thanks!

    • Madbodger / about 9 years ago / 1

      Amazon only, and I do not do business with Amazon.

  • WarpedHumor / about 9 years ago / 1

    In this time of evolution it is unfortunate that there is not one (or more) authentication services that uses crypto signatures, that all forum sites can use to cut down on spammers - that way the spammer gets banned at one site they are banned at all subscribing sites - also you only need to validate id once for all sites. That said, I'm all for cleaning up the forums here.

    • Chalz / about 9 years ago / 2

      Problem: Spurious banning. You could wind up absolutely blacklisted because your password was guessed/discovered/cracked; you forgot to logout and someone tooled with your account; a pissy moderator just doesn't like your name/political stance/preference of Star Wars over Star Trek. I like the ease of use and accountability. I hate the potential for abuse.

    • jma89 / about 9 years ago / 1

      I'm with you on cert-based signatures. There's not a shortage of places where you can get a cert for that very purpose at no charge. StartSSL comes to mind especially.

  • North Alabama PC / about 9 years ago / 1

    My Email is my Passport; Verify Me | Computer voice - "Verified"

Related Posts

Recent Posts

Sweet as AI Pi

Tags


All Tags