Scammers and Spammers

From FreecycleFAQ
Jump to: navigation, search

Spam is the Internet equivalent of junk mail ‐ email you didn't ask for, and probably don't want. It's sent by spammers, usually using automated tools. Freecycle members will often have their own spam filters to detect and remove ‐ that's up to them. This answer just talks about what you can do as a moderator to reduce the chance of your Freecycle group being used for spam.

Spammers attack Freecycle groups in the following ways:

  1. Try to send spam to the group.
  2. Harvest member addresses and use them to send spam.

For 1), there are two possible ways they do this:

  • 1a) Join the group and send spam
  • 1b) Impersonate ("spoof") an existing member, and send spam which appears to come from them.

There's basically nothing you can do about 1b) ‐ it's quite easy to forge email and make it appear to come from a valid user (it doesn't require their Yahoo password). So if you see an existing user send spam, don't assume that they've turned evil and overreact ‐ it may be that someone is impersonating them. Place the user on moderation for while, to allow you to catch any other such messages, and contact them gently to check.

You can combat 1a) in the following ways:

  • A. Moderate new members until they have posted a valid OFFER. Many spammers join a group and immediately send a message ‐ if you moderate new members then the spam will show up in your Pending queue. Don't reply to it, just delete it ‐ replying to spam just tells the spammer that they've reached a human, which is what they're trying to do. Most spammers aren't clued‐up enough to send a valid OFFER to get off moderation before sending their spam.
  • B. Approve new members. This means more work for you, but again, spammers generally aren't astute enough to provide a valid reason for joining.
  • C. Keep an eye on the UK ModSquad ‐ report spammers to it, and actively remove reported spammers from your list. This is quite labour intensive, and is of limited use when spammers make up a new Yahoo name for each attack, but it can help with some persistent offenders who target multiple groups.


Now for 2). The way this works is that a spammer joins the group, and then extracts email addresses from the message archive, or from mails that get sent to the group. They can then send spam directly to those addresses, without passing through your group. This requires quite a persistent spammer, so it's rare, but because it doesn't go via the group there's little you can do about it. The B and C approaches above can help identify culprits who might be doing this.