The Cafes seems to be off and running. There were a few initial glitches that I have now cleaned up. Today’s project is to make the staging server work enough like the production server that I can use it for testing and debugging without affecting the production server. Yesterday I got stymied by a slight difference in how the PHP engines were configured. (The staging server didn’t have libtidy support that the site relies on heavily.)
At least three people tried to post with fictional or nospam e-mail addresses. Sorry. That won’t work. Anonymous posters are not supported. You must supply a valid e-mail address at least once to post, and it will be verified. It’s sad, but the biggest issue that has been raised most consistently by users is an unwillingness to provide an e-mail address due to fear of spam and worm droppings. While I hate spam as much as the next person, I am loathe to break a useful feature like mailto links just to avoid spambots. It’s the wrong solution to the problem. I am a big fan of spam filters including realtime black hole lists. If you’re not using them, you should be. If your ISP isn’t using them, you should find a new ISP. But in the meantime, I do wonder if there might be a middle ground that confuses spambots, Microsoft worms, and other venomous spiders without putting any noticeable roadbloacks in the path of legitimate users.
Possibly you could use Paul Tyma’s Mailinator, though I’ve never once gotten that to actually deliver me a message. (OK, I have to update that: I just tried a test post, and it did indeed get through.) But I’d really rather you not. Discussions are more productive and interesting when the posters aren’t anonymous. If Mailinator or similar one time services are abused, I’ll seriously consider dumping comments from those addresses.
All messages sent from this site are addressed from me personally, firstname.lastname@example.org, at least for now. This means that if you use a challenge-response system and you’ve added me to your whitelist or if I’m in a good mood, you might be able to use that to prevent spam. (When I’m not in a good mood, I tend to delete challenges without responding. Alex, if you haven’t heard from me in a while, guess why. ) I think Bruce Eckel managed to get subscribed this way.
I wonder what would happen if I used some advanced features of XHTML for the content? I haven’t seen anyone do this before. Let’s try it out. First, here’s a a mailto link that uses numeric character references:
I made it a mailinator link so everyone can login and see if the mail gets through. My guess is this will block some spambots that use grep, but others are known to use HTML parsers, and those wouldn’t be fooled.
Here’s another idea: what if we used XHTML with an unusual prefix. Try this one out:
I suspect this is going to break a few browsers though. Mozilla can handle it, but only if the document is served as application/xhtml+xml. Safari and Internet Explorer can’t pick it up, so that one’s probably a non-starter.
Anybody have any other suggestions? I suppose I should put a few of these up on a honeypot page, point them at a real address, and see what happens.