Don’t Blacklist, Use A Whitelist Instead

The Google Webmaster Central blog has a great post on Web 2.0 spam and what webmasters can do to prevent or cut down on the number of times they are attacked by it. Nefarious Internet marketers like to use fake social media accounts to send spam to unsuspecting people. Evidently, it works. Are they using your site?
They could be. And if you get a reputation for spam then these guys will be hurting you.
Google recommends a combination of CAPTCHA forms and a blacklist. A blacklist is a list of e-mail addresses or IP addresses that are blocked from sending messages through e-mail, messaging systems, or other communications media. But how about a whitelist?
The CAPTCHA form is a necessity in today’s marketing climate. Bots can’t solve the problems, so if someone does get through the CAPTCHA you know it’s a real person. But real people can be spammers too. So you need a backup measure to cut down on the spam that makes it through your CAPTCHA.
That’s where the whitelist comes in. A whitelist is a list of names that you DO allow through. It’s more secure than a blacklist because anyone who doesn’t have authorization to send a message through your system won’t be allowed to. A blacklist does just the opposite: it lists the addresses that are banned.
The downside to a whitelist is that you could stop messages coming from legitimate users. But if you have a low instance of false positives then it will be worth it. You should have a member of your staff review the addresses on your whitelist periodically to see if any of them are legitimate. That way you can police the list and find out if there are any e-mail or IP addresses you need to approve to stay on good terms with the users of your website.
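The whitelist check and the periodic staff review described above can be sketched as follows. This is an added example, not code from the original post: the `SenderGate` class, the `blacklist_allows` helper, and every address shown are hypothetical, constructed values, and the sender's e-mail is assumed to be the address registered on your site.

```python
import ipaddress
from collections import Counter

class SenderGate:
    """Whitelist gate: default deny, with blocked senders kept for staff review."""

    def __init__(self, allowed_emails, allowed_networks):
        self.allowed_emails = {e.strip().lower() for e in allowed_emails}
        self.allowed_networks = [ipaddress.ip_network(n) for n in allowed_networks]
        self.review_queue = Counter()  # (email, ip) -> number of blocked attempts

    def _ip_allowed(self, ip_text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            return False  # a malformed address never matches the whitelist
        return any(ip in net for net in self.allowed_networks)

    def check(self, email, ip_text):
        """Return True only if the e-mail or the IP address is on the whitelist."""
        email = email.strip().lower()
        if email in self.allowed_emails or self._ip_allowed(ip_text):
            return True
        self.review_queue[(email, ip_text)] += 1  # possible false positive
        return False

    def approve(self, email):
        """Staff decision after review: whitelist a legitimate sender."""
        email = email.strip().lower()
        self.allowed_emails.add(email)
        for key in [k for k in self.review_queue if k[0] == email]:
            del self.review_queue[key]

def blacklist_allows(email, ip_text, banned_emails, banned_ips):
    """Contrast case: a blacklist lets through anything not already listed."""
    return email.strip().lower() not in banned_emails and ip_text not in banned_ips

if __name__ == "__main__":
    # Constructed sample data (documentation domains and IP ranges).
    gate = SenderGate(["alice@example.com"], ["192.0.2.0/24"])
    newcomer = ("new.user@example.net", "203.0.113.9")
    print("whitelist, known sender:", gate.check("alice@example.com", "203.0.113.5"))
    print("whitelist, newcomer:    ", gate.check(*newcomer))
    print("blacklist, newcomer:    ",
          blacklist_allows(*newcomer, {"spam@example.net"}, {"198.51.100.7"}))
    print("for staff review:", dict(gate.review_queue))
    gate.approve(newcomer[0])
    print("after approval:  ", gate.check(*newcomer))
```

The newcomer is refused by the whitelist but passes the blacklist, and the review queue is what lets staff catch the false positive and approve the address.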



