SPAM, bots, sign-on

We can’t say that Gmail as a system is at fault. Isn’t it more to the point, as has been alluded to, the sign-up process needs a tweak?

I’ve put my reply here for those interested in the RPCEmu thread.

We can’t say that Gmail as a system is at fault.

Yeah, we can.

The Wikipedia article on email address format specifically notes:
Gmail ignores all dots in the local-part of a @gmail.com address for the purposes of determining account identity.

This makes it a spammer’s paradise as they can quickly make up one longish free email address and send out many many variations just by changing where the dots go.

While this does not specifically involve Gmail, the fact that it’s dead easy to set up an account and the dot issue make it far too easy for one to get dozens, if not a hundred odd, seemingly unique addresses due to how Gmail interprets them.

On my own setup, I had blocked .live and some Chinese mail domain that’s a bunch of numbers. This abuse of Gmail is new, and it was happening enough that I just turned off account signups entirely.

A potential problem is that the local part of the email address is up to the mail service to interpret. I have an address with a dot in it at Yahoo! I tried sending a test message to the address without the dot. I did not receive it (nor a bounce). It may well have been somebody else. So Gmail’s behaviour is a bit weird and rather annoying. It’s almost as if it’s designed to help spammers (because who needs random dots in an address that doesn’t create it like that in the first place?).

the sign-up process needs a tweak?

Certainly. But that means somebody will need to do it. Time, resources, the usual afflictions affecting RISC OS… ;)

While this does not specifically involve Gmail, the fact that it’s dead easy to set up an account and the dot issue make it far too easy for one to get dozens, if not a hundred odd, seemingly unique addresses due to how Gmail interprets them.

But an issue hardly unique to GMail. Didn’t one of the “RISC OS-friendly” ISPs do a similar thing with a plus sign?

If you’re looking to block by email, it shouldn’t be hard to do that whilst ignoring any dots if it’s @gmail.com or one of Google’s other domains. These are interchangeable too, by the way.

This all feels a bit like the tail wagging the dog. I was especially amused to read Dave’s observation that

Anyone can read the content here without needing to sign up. It’s people who want to post here that we need to concern ourselves with

when for ages those of us who were unhappy with the recent posts fiasco were told “just look for unread posts on the main page”… which requires being logged in to an account.

Steve, you’re very good at moaning about what should be but isn’t. Please demonstrate your knowledge of Ruby and Rails, persuade ROOL to give you a set of keys to the kingdom, and make the necessary changes.

Steve, you’re very good at moaning about what should be but isn’t.

No, I think there’s some confusion.

I have no objection to stopping registrations as a (temporary) solution to the current problem. Had there simply been an announcement that due to a deluge of spam signups, registrations had been put on hold until the problem could be addressed properly, that would have been fine.

Unfortunately, that wasn’t quite what happened. Instead we had a comment about a “large scale attack”, followed by sweeping generalisations about GMail and its users and then, after the block came into force, intimations that anyone who wasn’t yet signed up couldn’t have anything useful to contribute. The whole discussion became very “them and us”, with an “in” group of account holders and some “out” groups who, if they weren’t evil spam-mongers, were at least likely to be using Google products.

RISC OS has always had an undercurrent of this, starting out by sneering at “Windoze” users, but that doesn’t make it helpful, correct or edifying.

To reiterate: had the block been announced without the editorialising alongside it, then there would have been no issue at all.

followed by sweeping generalisations about GMail and its users

Kindly don’t put words into my mouth. I would happily lay blame on Gmail’s treatment of dots in addresses and say that it’s a veritable feast for spammers, however given the size and scope of Google it ought to be patently obvious that this is a very small subset of its users.
And yes, it does risk penalising innocent users, there’s no ideal solution (as I mentioned, other services would treat fred.blogs and fredblogs as two different people, so dot stripping may help but only so far).

anyone who wasn’t yet signed up couldn’t have anything useful to contribute.

Citation needed.

Especially given that we, as a community, need to attract new users in order to grow (or, at least, not shrink).

RISC OS has always had an undercurrent of this

How about volunteers getting a bit miffed with tidying up the mess? Didn’t see you volunteering to pitch in…

starting out by sneering at “Windoze” users

I think that was quite common in the 90s (and not just RISC OS users), and in the 90s that nonsense ought to stay.

The whole discussion became very “them and us”, with an “in” group of account holders and some “out” groups who, if they weren’t evil spam-mongers, were at least likely to be using Google products.

Plus the people with comfy seats, a good supply of snacks and beer, who were sitting and watching on :)

I like sneering at Windows users, not the lusers that don’t know any better, but those who have convinced themselves it’s any good despite years of evidence that it is only getting worse, and particularly those on the insider program, morons the lot of ’em.

Apple is bloody awful, Microsoft is even worse. RISCOS does a few things well, and is easier (for me, at least) to fiddle with to make it do a few other things that none of them do out-of-the box, or which can only be done by Spending Lots of Money on software, or climbing impossible learning curves.

Joking aside, I don’t sneer at anyone, just feel sorry for them.

I agree that Apple is a massive amount of style and hype over substance, and I think the pinnacle of Microsoft was XP and it’s been downhill ever since.

However, both are an immeasurable distance ahead of us because, well, that’s what a user base of hundreds of millions and a trillion dollar company can do.

For us, after the Da**dS affair the were plenty of useful suggestions of how to improve the forum…which largely didn’t happen because time, developers, resources. It’s the same story. Why no Bluetooth? Why no GPU support? Why no total ground up rewrite in something that isn’t assembler to make a 64 bit version possible? Time, developers, resources.

or climbing impossible learning curves.

Plus the potentially unrealistic whims of the underlying manufacturers. It seems that Google keep changing the Android API and they seem to believe that an app that hasn’t been updated in so long has been “abandoned”, so smaller apps that do a job well need to be twiddled with to satisfy some arbitrary metric. Plus they are, at heart, advertisers so all of this stuff is largely a hook to get adverts in front of your eyeballs, which is why you can block basic privacy things but you cannot block any app having unfettered access to the network (else it could not fetch the adverts that so horribly blight the mobile experience).

RISCOS does a few things well

Very much so, but the general good design of the UI needs to be weighed against nearly two decades of practically bugger all investment. There’s a lot RISC OS can do, but even more it cannot do. I use it a lot, it’s friendly and nice, but it’s essential to have something else for all the stuff it can’t handle.

just feel sorry for them.

I just shrug. I’m increasingly of the opinion that operating systems will be irrelevant and it’ll be a case of “can it do X” (Netflix, my bank, etc etc) with the OS being the bit underneath that makes all this stuff work.

It seems that Google keep changing the Android API and they seem to believe that an app that hasn’t been updated in so long has been “abandoned”

I’d suspect the 2 are connected. I mean, how else do you force people to pay, use the latest things or ensure you can change or deprecate code?