With this software, your board connects to one of the most powerful email checking engines available. The engine itself is accessed and maintained remotely. For this reason, product updates are rare.

Please try this product first on a test board. It requires access to an external URL via CURL or fopen().

If you experience timeouts, white pages or similar during the registration process of a new user, your hosting plan does not allow to access external pages or is generally overloaded. In order to complete a remote request, the script timeout should allow for 30 seconds of execution. Most requests are returned after a few seconds, but some DNS or mail servers may take more time to reply.

If CURL is installed, this will be used as the preferred method, else fopen(). One of the methods must allow to access external sites else it won't work at all.

New for version 1.1.3:
- Missing Scheduled Task Entry.

New for version 1.1.2:
- Daily cron-job for setting Update IP Censor List to your vBulletin User Banning Options. This feature retrieves the most recent blacklisted IP addresses and simply denies access to notoriously known spammers and spam sustainers. In the options, you may refer to a different script. This cron-job is by default disabled. You may switch it on in your vBulletin Scheduled Tasks. Also, it will need to set Enable Banning Options: Yes in order to make this feature work. Please note that if enabled, eventually existing IP Censor List entries are replaced.- Time-zone restrictions for new users. When new users register from an unsupported time-zone, you may deny access or place those users in the moderation queue.


New for version 2.0.0:
- General service revision (backend)
- Detailed error messages during registration. This makes it easier for your subscribers to understand, why an email box is rejected, but also to spammers how to circumvent. Now it is up to you to decide what information to show and what to hide - using the translation system (phrase prefix: usk_).
- No options, no files, no tasks, no time-zones, no user moderation, just a backend call and a reply.

If you wish to use version 2+, please uninstall the 1+ versions first.

Compatibility: vBulletin 3.6.5+, 3.7.x, 3.8.x, 4.x

looks good, i'm going to try this once i get a moment

sounds good though i already use another one i found on here that checks http://www.stopforumspam.com/

Yup, if I knew about that before I probably wouldn't have started my adventure ;)

It is a different solution though, so I'm fortunate enough not to gain fame about stealing other people's ideas :)

well anything that keeps spammers and spam bots off a forum is a good thing

From 1st december 2008 onwards, we will accept only requests which contain IP's and eventually email addresses.

Since this is primarily a service against spammers and not a service for testing if an email box exists or less, the current feature to allow either the email address and/or the IP will be changed. For all those who wish to verify only the presence of an email box could use one of the freely available vBulletin plugins which implement this feature only.

Service users who will continue to pass an email address only, will receive feedback only about the validity of the literal email address format, while an IP check only will still work as before.

Possible to add a log to see how many were allowed vs rejections?

On this page (http://uspam.pagerobot.com/uspam_genstat.php) you may see the difference between service calls and rejected calls.

The service call statistics have been introduced quite late. For this reason it will take some time to catch up and become realistic. Please take in account that about 75-85% of all registering attempts on connected networks are coming from spammers.

I don't know if local logging would be of a great advantage, since it would require to add quite some code in order to make the collected data comfortable to read and observe.

I uploaded this to my site and I tried to register with my e-mail address and it said Invalid e-mail address I uninstalled and it worked fine was I doing something wrong?

I uploaded this to my site and I tried to register with my e-mail address and it said Invalid e-mail address I uninstalled and it worked fine was I doing something wrong?
If your server's IP is blacklisted on SORBS (http://www.au.sorbs.net/lookup.shtml), sbl.spamhaus.org (http://www.spamhaus.org/sbl/index.lasso), xbl.spamhaus.org (http://www.spamhaus.org/xbl/index.lasso) or bl.spamcannibal.org (http://www.spamcannibal.org/cannibal.cgi), it can not access our service. We have added this protection quite some time ago in order to avoid registration attempts from already compromised systems.

Similarly, if you are trying to register from home (probably a dynamic IP), and this IP has been used for spamming, it finished probably in the Spamhaus XBL list, and thus you are not allowed to register. Also, your PC may be infected by a worm which sends spam to our honey-pot, and thus gets blacklisted.

In addition, if your mail server was down, or your mailbox was filled completely (mailbox quota exceeded), you will not be able to register, because you never would receive the activation email anyway.

I received the same invalid email on my first run. I then realized I had another stopforumspam that was being used as well. Great program but still has some tweaking to do.

Once I disabled stopforumspam product, everything worked fine. Not sure if this is your problem but seems I could only run one at a time.

I received the same invalid email on my first run. I then realized I had another stopforumspam that was being used as well. Great program but still has some tweaking to do.

Once I disabled stopforumspam product, everything worked fine. Not sure if this is your problem but seems I could only run one at a time.
As far as I have seen from stopforumspam, it blocks email from a domain list (http://www.stopforumspam.com/spamdomainsandips), which is a little too generic.

For example, mail.ru and gawab.com are in the first place public email box providers, such as gmail.com, and their major number of users are not spammers. They do a great deal to limit excess, but the automated procedures are so fast, they simply can't catch up in time.

There are some domains though which fit into a global/permanent ban, which clearly appear to come from spammers, such as the 2008 series (e.g. 2008informer1.net, 2008informer2.net, 2008informer3.net). We connect to suspicious domains manually and decide to list them one by one. We include hijacked domains, and domains which appear not to have a public interface.

But of course, stopforumspam does a great job within its limits. Since it does not test the email box, it is limited to IP (eventually MX) lookups and honey-pots, which are in most of the cases very precise.

So I would imagine, stopforumspam blocks a domain which actually contains legimit mailbox owners before it comes to run our plugin.

I disabled my Q&A response system for registration after installing this mod and have been overun with spammers since. Is there any way I can check and make sure this mod is actually working?

I disabled my Q&A response system for registration after installing this mod and have been overun with spammers since. Is there any way I can check and make sure this mod is actually working?
Please keep your normal protection in place. This system does not replace, but add the protection which is missing.

From 18 November to now, we have had about 54.000 service calls from a grand total of about 120 service users (50 of which make regular use), and 50.000 requests were rejected. Although the service call count was introduced late, it gives already an idea how many registration attempts are legimit: a few.

When you go to the Worst IP List you'll see the numbers of the currently top 20 worst spammer sites.

Since two months, three of our sites which were previously overrun by spammers (1000's of posts), only 4 spammers made their way through, and only 2 were able to actually send a post.

So I can say it works better than anything else we had before. But obviously together with standard Captcha, or better, the Q&A system. We use only Captcha in addition to some simple and experimental aftermatch spam traps, which sooner or later will make part of this package ;)

The IP's listed in the Spamhaus XBL list are now accepted, since most of the entries are coming from the associated CBL list. The CBL list contains mainly infected PC and thus spam victims, which therefore could not register to forums. We have made this decision in order to reduce the number of false true conditions.

For more information, please see here (http://uspam.pagerobot.com/uspam.html?News.html).

Surprisingly, it has worked out the USpam Service is being most useful to rather large organisations, such as hosting providers, software houses and military sites.

Over time, the number of medium-small forum users has significantly dropped, while it is increasingly used by the large structures.

For this reason, we will further optimize the service for large structures, and implement additional features which will allow them to maintain their services with more ease.

Forum users will be able to continue to use the service, but further development of the vbulletin product has been discontinued.

Short resume:

After over 2 million service calls and two years of operation, the gap between spammer and legimit registration attempts becomes evidently larger. In the beginning we had a range about 60:40%, while now progressively reaching 30:70%.

First Time Dateline Last Time Dateline Hits Description
2008-10-18 14:31:48 2010-06-02 13:52:20 326,735 Total registering or spamming attempts of blacklisted IP's
2007-11-24 17:48:25 2010-06-02 14:57:36 481,673 Total registering attempts of blacklisted or inexistent E-Mail addresses
2007-11-24 17:48:25 2010-06-02 14:57:36 808,408 Total lookup entries.
2008-11-18 01:07:18 2010-06-02 14:53:15 2,003,949 Total service calls

would this slow down the site due to extra external checking ?

Yes, it does a little, like 3-5 seconds during the registration phase. It does not operate in other phases.

The longest waiting period happens to be in the moment where a registration request is made, and the email box is verified externally.

If a spambot or human spammer is already known, the request typically requires much less than 1 second, because its record is already on database.