Really good job. Thank you man!

Reserved.

this is what www.stopforumspam.com has been doing for several months, accumulating a database of 80,000 known forum spammers and provides code (and a vbulletin mod) for access/submitting to it, allowing spambots to be denied registration.

Nice :) I haven't heared about it though, else I probably wouldn't have started this adventure.

Edit:

I've looked into your project and it seems to be pretty much the same we have, besides the website. We probably never will have more than a single webpage and concentrate on backend coding only. I'll soon look into it a little better. Sorry if this sounds like stockfish, but I'm falling into pieces :) Goodnight!

Yes, but this also seems to check the validity of email addresses, which is a big plus. Maybe this can be combined with vbstopforumspam?

Sure it could but the problem with a single source of active SMTP scanning is that mail servers could just block connections or worse, tarpit them by reducing the TCP window size to 0, therefore just killing any scanning machine thats busy and invalidating any results, possibly timing out causing unhandled errors... if I ran a mail server and had it hit by a non-stop mail scanning site, it would get the tarpit treatment.

Take gmail for example, it waits to the end of the conversation before rejecting email addresses. This could pass email testing but be an invalid email address. Other sites will just accept everything and bin non-valid recipents later. Lets not forget (and I havent looked at the source) you can have a mail server running without a MX record. stopforumspam.com does tests to govern if an email is a valid format but it doesnt connect to a remote server to test if we got a 220/451/452 result code.

A single point for email scanning isnt a great method, as much as I like making it hard for spammers. By doing active scanning, your results are skewed by the remote end which you have no control over. vBulletin already has a method for controlling email validity, in that you must confirm a registration. For those sites without email confirmation, well, they deserved to get spammed really. While this doesnt stop a member registering to that point and hoping that their details will still be visible somewhere, email tests could be done on your server in a more distributed manner. There is no reason why those results couldnt then be submitted to a central site for further testing.

Im not trying to rag on anyones effort, god knows I had enough myself when I released my mod but Im just playing devils advocate :)

Right. However we have to start at some point, and if we had the fear to move against spammers, we shouldn't move at all. I'm aware of the risks, but at the end we are not sending any email, and just try to find out if the mailbox exists, with a simple mail conversation which may come any time from any server. It doesn't mean we are spammers, and those who protect do know. The point of one source is easy to understand - it is a start project and every server is an expense, I'm sure you know. And on the other hand it never will be only one source, because once everybody starts to share, spammers are defeated from many places. And in fact this is the only way.

GMail seems to handle email as any other server. The few cases an email results valid but effectively isn't will be handled by the mail server. But if you ever had a forum with thousands of users and frequent email bounces just because they don't care even to register, you will also understand that a basic connection test isn't the worst thing. In fact this is what many people ask for: more reliable email addresses.

We have to build that. As far as I know there is no public database where to look at if an email address is valid and existing. It is rather the contrary, since otherwise the spammers could just download that database and send spam to 1.000.000.000 world-wide users instead of only 1.000.000 at a single time.

We can share experiences, databases, code. But it must be us to start the fight, waiting for other people to join and actively help will take a long time. Since your site is already up for quite some time (a year or so), you will know how much it takes, unless you already had a lot of helpers. ;)

We have added an online Help (yet under development), which explains what this service does. You may access these pages from here.

I believe it can be combined easily. As far as have seen by now, the collected data does not differ a lot from what we store, and additional features can be shared once the service has been tested by many forums.

I'm not sure if one central SMTP mailbox test is practicable though. Best would be a cluster of providers offering this particular service and client applications will choose randomly or sequentially from that list.