Need help? Check out our Support site, then


Preventing "Spammers" from being notified of new Posts

  1. I've recently begun to receive lots of notifications that so & so is now following my blog. Unfortunately many appear to be spammers. Today brought the following notifications.

    cruz_orell​ana474@133​.cashadvan​cezip.com is now following your blog
    brooke_cor​dova4518@1​32.cashadv​ancezip.co​m is now following your blog
    brenda.coo​n4375@131.​cashadvanc​ezip.com is now following your blog
    raquel.str​auss4614@1​30.cashadv​ancezip.co​m is now following your blog
    dorthea.ty​ree7756@12​9.cashadva​ncezip.com is now following your blog
    autumnflem​ming5138@m​ailnesia.c​om is now following your blog

    Sure sounds like spam to me, but Is there anyhting I can do to prevent this from happening? Is there any way that when I do post that these "people" are not notified?

    Thanks!

    The blog I need help with is bitemefanboy.wordpress.com.

  2. You can't prevent people from being notified of public posts, but you can report them as spam. This thread has already been marked for staff attention.

  3. More than likely, they have blogs, which will be listed in the follower notification. When you receive that, please report the blogs via http://en.support.wordpress.com/report-blogs/

  4. Macmanx,

    I've gone throught my list of Email followers (it continues to grow daily) but none of them appear to be blogs. As of tonight I have 90 email followers: 21 from @mailnesia.com, 7 from @oldcelebrities.net, 3 from @coolmailer.info, and 6 from @###.cashadvancezip.com (numbers are sequential). There are also a number of hotmail accounts that just smack of spam.

    It would be helpful if WordPress allowed users to delete any email follower they suspected of being spam. The ability to create filters (like most email programs) while not entirely stopping situations like this would, if caught early, would allow a user to create a filter thus limiting the amount od spam.

    Thanks for getting back to me so quickly!

  5. Thanks, we're aware of it.

    We're still trying to figure out a motive for these fake email subscribers so we can actually target the motive itself and put a stop to it. So far, we're running a bit short.

    They have nothing to gain from reading your blog and nothing to gain from affecting totals. Unlike WordPress.com (non-email) followers, where you receive a notification email with links to their blog and Gravatar profile, there's really nothing for them to gain.

    Once we can figure out a motive, it's pretty trivial to stamp out the behavior for good. If not, we'll look into a better way to manage subscribers overall.

  6. Is it not simply to facilitate blog scraping? I encountered an outfit recently that wanted ten articles a day from their writers, a pace nobody could keep up, and they took pains to explain that they wanted good material "wherever it is on the web" so might this not be where some of those criminals are getting their articles?

  7. That could be, but RSS feeds (which are freely available on all public blogs) would facilitate much easier scraping than emails.

  8. Yes, but you have to be SMART and KNOWLEDGEABLE to know how to use an RSS feed. Most of the people I've encountered are of the "how do i put adsense for get villa in france" level.

  9. True, it is "easier" to copy and paste from an email than parse an RSS feed, but once you setup an RSS parser, it's fully automated wholesale copying. Copying and pasting emails is an insurmountable task, especially at the levels of blogs that some email-only accounts are subscribed.

    I monitor my blog for a variety of things so I can shut down spammers on this end (it's oddly therapeutic), but I haven't noticed any sort of wholesale content theft that I'd expect if even a quarter of my email subscribers were just scraping my blog, in fact I haven't seen any at all over the past few months.

    It's a very odd case. I mean, I admit that it's frustrating, but it's very odd. Without a clearly obvious motive, it's nearly impossible to be sure if an email follower is truly fake. Fact-wise, they have absolutely nothing to gain. Speculation-wise, we can say that they're doing it to copy and paste our blog content, but I'm not seeing any evidence of that trend.

    I'm not sure how much ground we can gain campaigning on that level, since RSS feeds are freely available and offer more automated scraping.

    Regardless, without a clear motive, this may result in more blogger-facing subscription controls sooner rather than later.

    One thing to keep in mind though, if email-only followers have absolutely nothing to gain except the ability to read your posts via email, how can you be sure that they're fake?

  10. Fact-wise, they have absolutely nothing to gain

    @mcmanx, isn't above contradicting this:

    We're still trying to figure out a motive for these fake email subscribers

    If you do not know their motive, you cannot tell factually what they're trying to gain.

    The fact of the matter is that these fake-followers are playing with and gaming the software platform by utilizing another software. The sheer number and the widespread corruption, only suggest that very few miscreants (people) are behind the scenes but they are using some form of software/script etc to mess with WordPress software. You on the other hand, as a responsible party for protecting WordPress, is looking to circumvent this situation by finding out the people and their motives. People and their motives are behind the scenes. What you have in the front is two software. In my opinion, your first attempt should be to defend your software through machine defense, i.e, find weak entry-points and stop the weak links in your own software. As a second defense, you can then look into figuring out why and who is trying to play with your system.

    Your last paragraph suggest that you are still not convinced that we are reporting a real problem here. Many of us have already reported that we are seeing suspected looking email addresses subscribing our blogs. I even gave a screen shot example on another thread. Tell me, does "katrice5365" AT "cashforsurveysreview" DOT net sounds legitimate? It doesn't take a rocket scientist to see an email address and tell that it is a fake.

    We are more concerned about loosing sight of our legitimate followers due to the aggressive number of fake ones in the mix.

  11. If you do not know their motive, you cannot tell factually what they're trying to gain.

    Actually, yes I can. Fact = evidence. We have no evidence to the contrary, so fact-wise they have nothing to gain, which is why we're still trying to figure out their motive.

    On the other hand, what you have said above is wildly unsubstantiated speculation.

    gaming the software platform by utilizing another software . . . using some form of software/script etc to mess with WordPress software . . . find weak entry-points and stop the weak links in your own software

    These folks are subscribing via email just like any other person would. The only other software they're using is a web browser, and the only mess they're causing is establishing themselves as a subscriber. There is no "weak entry point", simply a subscription form that anyone with a browser and an email address can use.

    You're trying to make this sound like a security issue. It's not, and it never has been.

    Let's stick with what we know is true and avoid speculation.

    If we attack the behavior, we stop the problem. If you all you do is spread fear, uncertainty, and doubt, it only serves to cause a panic and distract from the real issue at hand.

  12. With regret, I have temporarily disabled Email Subscription box and Follow box-for-logged-out-users, at my blog for now. I am not seeing hopeful sign of acknowledgement of a problem by WP staff here as of yet.

  13. @macmanx -- I suggest their motive could be simply the satisfaction they get from knowing they've annoyed someone. Sort of the reverse of the satisfaction you get from shutting them down.

  14. It's worth mentioning that the blog "writing" conglomerates have been required to provide proof they're not using software to scrape blogs; their solution is to force the individuals to make posts manually. Easier to do from an email than an RSS feed, no?

  15. @RC - easier to copy an email when the blogger sends out the whole Post in the email - also copy off a web page is easy - the only RSS thing I use is the Reader here so I am a bit limited in experience with RSS stuff

  16. True, with the crackdown on automated scrapers, it's safer to just go manual, but then there's Google's heavy penalties on duplicate content. Of course, I'm assuming that they know or even care of such things, which I already know is wrong. :)

    Anyway, this is definitely a problem, and one which we have been working to find the best way to counteract.

  17. @macmanx - I doubt a scrapper really cares - the original blog if the scrapper is quick enough the scrapped content is up quickly and the original blog never knows they are penalized because search engine traffic starts low (new Posts take a bit of time to be indexed unless they are on a site like CNN or Huffington Post) - the scrapper does not care - after all the cost of the content was a few minutes for someone to copy and paste into a scrapper blog - and if they have many scrapper blogs low search engine traffic would not be a big deal because they have a lot of sites -

    Proof of my hypothesis? If the scrapper sites all lost money they would go away quickly not continue to ramp up -

  18. Could someone please tell me how can anyone follow a blog when there is no Email subscription widget, nor a Follow box, enabled on the blog?

    I am still getting email notifications from junk/spam followers even though I have disabled all options from anyone to subscribe my blog via email.

  19. Could someone please tell me how can anyone follow a blog when there is no Email subscription widget, nor a Follow box, enabled on the blog?

    If they're logged in to WordPress.com, they'll see "Follow" in the admin bar. They can also follow a blog from the Reader.

  20. It seems the Followers have slowed down. No fake follower today and yesterday except for the few yesterday morning (when I made the above post). The Likes through the Reader is usual and I don't yet see any suspicious one (I am fine with Reader being a separate entity and generating whatever activity it does through my blog).

    I hope to bring back the Email Widget in a day or two, after watching how the Follower count, through the use of WP Reader, behaves for next two days.

  21. @macmanx, you said:

    If they're logged in to WordPress.com, they'll see "Follow" in the admin bar. They can also follow a blog from the Reader.

    In above mentioned case, should I see a link to their gravatar, or any other link associated to their WordPress account, in the email notification I get?

    I have received an email notification today about a subscriber who very much look like a spam/fake. In that notification, there is absolutely no link to any WordPress gravatar or a blog. Please note that I have disabled Email Subscription form and Follow-box-for-logged-out-users from my blog, and as per your note above, anyone can still follow if they are logged in to WordPress.com through their admin bar.

    So if this is the case and if this alleged fake/spam email address has followed my blog through WordPress.com's admin bar, than why do I not have an ability to report a suspected spam follower, so you can may be investigate?

    Thanks.

  22. What is the full email address?

  23. kaputmotto4035 AT hotmail DOT com

  24. That individual subscribed to your blog 8 days ago, which I imagine was before you removed the widget.

  25. The time-stamp on my email header (for this particular notification) is this:

    Received: by x.x.x.x with SMTP id xxxxxxxxxx; Wed, 17 Apr 2013 00:12:46 -0700 (PDT).

    If your record shows that this subscription occurred 8 days ago, than I will end this query right now as my Gmail could be the culprit here, I can't tell. Thanks.

  26. Yeah, it could have gone out late. They definitely subscribed 8 days ago.

  27. I am just curious. Have you guys considered adding captcha to the Email Subscribe and Follow box?

    I recall back when I was using Feedburner (prior to WP introducing its own), Feedburner had a captcha verification. If I am not mistaken, currently, WP only asks that people verify subscription by clicking a link in the email. I am assuming that this method is being abused by the spam/junk followers?

  28. No, we're very much against captcha for accessibility issues. When someone follows a blog via email, they receive a confirmation notice with an activation link which must be clicked.

    They won't be following your blog, and you won't receive the notice, until they click the confirmation link. So far, this requires a human touch. There are no known bots capable of this, and we haven't seen any bot-like activity.

    Come to think of it, this is probably why you didn't get the notification for that email follower until 8 days after they followed you.

  29. @macmanx
    Despite the fact I have never ever enabled the WordPress.com follow blog widget on my blogs, as I use Feedburner, I do have email followers on both. How is that possible?

    example (1 blog) : http://onecoolsite.wordpress.com/wp-admin/index.php?page=stats&blog=2598284&blog_subscribers&type=email

  30. They're all WordPress.com users, but in this case chose to follow via email.

125

Topic Closed

This topic has been closed to new replies.

About this Topic