Replace mollom with a different preventive spam blocking tool

Suggestion: Grant "bypass mollom" to users who have been on Drupal.org more than 1 month. This would be a very small module that could run on cron or drush, query new users, and grant the priv. Very few spammers at this point create an account and then use it later. Maybe that will come in the future.

OK, we'll wait 2 months :-)

The "Spam" suite has a pretty good collection of configurable rules. Don't know how much of a performance hit it would be, but compared to making a remote call to Mollom, maybe not that bad.

http://drupal.org/project/spam

One of my favorites is the "Node age" filter.

On randyfay.com I replaced all the other spam checking mechanisms with Captcha Riddler + Captcha. I configured two questions "Who is the leader of the Drupal project" and "What is the most popular contributed module". Spam has gone from several a day with recaptcha (mostly Polish poker sites?) to "I can't remember the last one". Amazing what you can do with something like this that requires niche knowledge. It completely eliminates any automated spammers, and seems to do pretty good things with the real people spammers too. Of course, it may conceivably have false positives as well.

How about granting "bypass mollom" to any account that has successfully posted (x) number of non-spam comments already?

I'd be interested in the drush command being in a repo... Seems like a valuable feature. Actually... it should probably be in mollom.

Opened #1298402: Automatically grant "bypass mollom" privilege to "trusted" users.

Is there a reason that mollom can't be better about cooperating with other spam solutions?

It seems very wrong that it seems to have an all mollom or no mollom approach.

For example, I consider myself a reasonably valuable poster but there have been times when I've gotten over excited and posted something that probably wasn't in the appropriate place or could've otherwise been considered spammy - a mollom challenge would easily make me rethink a post like that.

Perhaps the better example, is when you have a false positive - there is no way for a post that legitimately passes the captcha but is still deemed too spammy to publish to go into a moderation queue (or any other options)

perhaps i misunderstand their wording, but it doesn't appear that is the case. Either all spam comments can be stored for review, or they get discarded. What we really need is for any comments that are detected as spam and don't pass the captcha challenge to be discarded, but comments detected as spam but passing the captcha challenge to be stored for review. Or ideally a way to distinguish what happens with custom code if we needed. For example, on g.d.o it might make sense to still publish those comment (detected spam but positive captcha) but automatically down vote them since I doubt any of the webmasters really want to monitor a moderation queue of comments for potential false positives.

From a product perspective, Mollom could also further benefit from those feedback on the moderation action of those comments, but that's not really the point here.

I was considering using Mollom on a client site. But it happened I failed about 10 consecutive times a Mollom challenge in Drupal's groups site, the error message pretending I was not copying correctly the distorted letters. Firstly, it's not intelligent to mix, as Mollom does, distorted numbers and letters, from different fonts, because some are similar, and even identical, specially in some fonts (notably 1, I and l, O and 0, g and 9, 1 and 7). Secondly, there were several times I was sure I was correctly reading, so I guess the error message was not appropriate and my post was refused on the ground of maybe my junk IP number, rather than on the ground of my wrongly copying the letters, or possibly there was another bug. I gave up writing my comment, but I gave up Mollom too. I don't know what would be the best solution, but Mollom seems too buggy.

Is there anything new going on with this? I would really appreciate this.

We recently added honeypot in addition to mollom, which appears to be helping. I doubt we'll ever completely solve the spam problem, since we have to balance stopping spammers with not stopping legitimate users, many of whom speak other languages and/or are not familiar with Drupal spam modules. We'll continue to refine the spam fighting process, and please open new issues if anyone has specific suggestions. Closing this now, as it's broad enough to potentially stay open forever.