On Tuesday, 24 May 2016 at 12:59:39 UTC, Basile B. wrote:

One thing that could be done is to disable the spam checker when the user is registered. As a counterpart registering must be very strong: image captcha + text captcha + guess the code result + ?

Yes, that's the reason the spam checker shouldn't just be disabled when the user is registered. But what can be done is adding a counter of every time a captcha is filled out correctly. Once they've done that enough, no prompt to guess the code again.

Then you wouldn't have to arbitrarily decide what a "strong" challenge is and just hope that it's solvable, and nobody circumvents it. Instead, you could continue to challenge them after registering, and you can record their success in stages.

There are other tricks you can use to make life harder for spammers. Tracking how long people have had their accounts, for instance, and only showing captchas and limiting post rate to new accounts. Spammers would, of course, cache up a million unused accounts then, and start firing them once they're old enough. But you can measure how often they've posted, and combine that with account age to get a good idea.

You can use stronger captchas too, and more difficult to solve puzzles, if people won't keep being asked to solve them beyond a certain point. Even if spammers turn their supercomputers and South Asian sweatshop workers to solving your captchas, making it harder for them costs them money and power, and all you have to do is make it not worth the trouble before they'll either run out of money, or go away.

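A sketch of the policy discussed in this thread, as an added example that is not from either poster or from the forum software: captchas continue after registration until enough correct solves are recorded, and the post-rate limit is lifted only when account age is backed by posting history. The `Account` fields, function names and all thresholds are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Every threshold here is an assumed value for illustration.
REQUIRED_SOLVES = 5                   # correct captchas before prompts stop
MIN_AGE = timedelta(days=14)          # younger accounts are "new"
MIN_POSTS_PER_WEEK = 0.25             # older accounts posting less look stockpiled
NEW_POST_GAP = timedelta(minutes=10)  # rate limit for accounts not yet established


@dataclass
class Account:
    created: datetime
    captcha_solves: int = 0
    posts: int = 0
    last_post: Optional[datetime] = None


def is_established(acct: Account, now: datetime) -> bool:
    """Combine age with posting history so an aged, unused account earns nothing."""
    age = now - acct.created
    if age < MIN_AGE:
        return False
    return acct.posts / (age / timedelta(weeks=1)) >= MIN_POSTS_PER_WEEK


def needs_captcha(acct: Account) -> bool:
    """Keep challenging after registration until enough correct solves are recorded."""
    return acct.captcha_solves < REQUIRED_SOLVES


def try_post(acct: Account, now: datetime, captcha_ok: bool = False) -> str:
    """Return 'posted', 'captcha_required' or 'rate_limited' and update counters."""
    if (not is_established(acct, now) and acct.last_post is not None
            and now - acct.last_post < NEW_POST_GAP):
        return "rate_limited"
    if needs_captcha(acct):
        if not captcha_ok:
            return "captcha_required"
        acct.captcha_solves += 1
    acct.posts += 1
    acct.last_post = now
    return "posted"
```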