There is an interesting discussion about spam and OpenID going on at Matt Mullenweg's blog. The discussion was triggered by the policy decision of social bookmarking site Magnolia to restrict signups to OpenID users. According to the site, 75% of new accounts were being created at Magnolia by spammers using automated tools (our friends the 'spambots'). They say that by restricting access to OpenID users, the rate of spam-account creation decreased. In the discussion, there is a lot of talk about whether OpenID should be used to fight spam, and whether it could be an effective spam-fighting tool in the long term.
Here are my thoughts. Spammers can create OpenIDs too, and a single sign-on system might be many a spammer's wet dream. It gives them easy access to millions of sites in one fell swoop.
Now, OpenID by itself can't prevent spam. All it does is provide a globally unique identifier for any given user on the planet. This is where a tool like Mollom comes in. At Mollom we're already maintaining an internal reputation for each OpenID account we encounter while assessing submitted content. Combine an identity system (OpenID) with a reputation system (Mollom) and it becomes a lot easier to separate spam users from non-spam users. Simon Willison said it best: "a trust system requires identity first". A globally unique identifier combined with reputation tools give us a powerful weapon to fight website spam. OpenID's attribute exchange might become Mollom's best friend ...
Similarly, Tim Berners-Lee is experimenting with combining FOAF ("friend of a friend") and OpenID to fight spam: you can only comment on Tim's blog if you are no more than a certain number of degrees of friendship away from him. Of course, it is a widely accepted theory that we are only six degrees away from everyone in the world so I do wonder how effective this would really be in the long run.
It is still early days in these debates and experiments, but for now, Mollom can already protect your login and submission forms with an image or audio CAPTCHA.
Either way, it is an interesting discussion that makes you wonder. Where will OpenID be in 3 years? Where do you think the website spam problem will be in 3 years? How will this affect online communities?
I have my own thoughts and predictions and it was one of the principal reasons for co-founding Mollom ...
After several months of private beta testing, Benjamin Schrauwen and I are happy to unveil Mollom, your partner in automated content monitoring. Mollom's purpose is to dramatically reduce the effort of keeping your websites clean and the quality of their user-generated content high. Currently, Mollom is a spam-killing, one-two punch combination of a state-of-the-art spam filter and CAPTCHA server. We are experimenting with automated content quality assessments, but these are still in an early testing phase.
We currently provide modules for Drupal 5 and Drupal 6. For all you developers out there who'd like to build Mollom plug-ins, we will be releasing full API documentation very soon. We would be thrilled to put your home-brew plug-in for your favorite platform on our download page.
Mollom vs Akismet vs Defensio?
Mollom does offer some of the same features as Akismet or Defensio, but our goal goes further than spam-blocking alone. We want to increase the overall quality of your site's content. For example, Mollom's CAPTCHA service already helps block fake user accounts, and we are experimenting with various automated content-quality assessments, including blocking obscene, violent and profane content.
We have some great new features in the pipeline, so please check back with us regularly for more news or subscribe to Mollom's RSS feed.
Mollom and Acquia?
Mollom is a self-funded, garage-style project. I do take it very seriously, but it is nowhere near the size or scope of Acquia, which obviously remains my full-time commitment.
Mollom is a separate effort for three reasons: (i) I started it a while ago, (ii) I'm working on it with a friend who is not involved with Drupal or Acquia and (iii) unlike Acquia, Mollom is reaching out to as many content management systems and web applications as we can engage (and not just Drupal).
While Mollom is not associated corporately with Acquia, Acquia does intend to offer Mollom services as part of its subscription offerings. See Acquia's Caliper project.
Thank you to our testers
We would like to thank all of our private beta testers for their help and suggestions over the past months -- you've gotten us to this important milestone, guys. Thank you!