Continuing my mini-series on social media frustrations, I’d like to talk a bit about spam that’s found on social networks. It’s a problem that has perplexed MySpace (which has been a tug o’ war for AOL, too); since they want to make it easy for users and promote engagement. I have a little insight, since at AOL I whacked thousands of spammers at a time and enjoy every bit of it.
Spamming occurs because of two things: Cost and ROI (or “Value”).
Cost of spamming is simply asking the question, how many resources [of mine] will it take to get my message to a lot of people? That is, the cost of programming a script to automate the spam, the cost of actually spamming and the risk of “What if I’m caught?” These factor into the —
Return on Investment (ROI), or otherwise the monetary value a spammer might receive in return for spamming. Say for instance, you had 1/10,000 people respond and purchase the item that you’re selling and you’d earn (dare I say “earn”) $20 for it, for 100,000 people you would make $200. Scale that out to a million, and you’d make $2000. Do this daily, you’d make $730,000 annually; or if you wanted to be conservative and spam a million people weekly, you’d make $50,000. Then you hold this against the “cost” of the spamming process, and a spammer has a rather easy decision to make.
Yes, I just told you how to spam. No, I don’t support spamming; nor do I suggest anyone actually spams for a living.
Now let’s take a different spin on the problem. Most of what I mentioned has been with the traditional e-mail application. As more and more people use social media, the spammers will follow right along. Look at MySpace and all those beautiful D-cup-sized blondes that suddenly wanted to be your friend. The spammers have tapped into the psychological physiological desires of their targets and can effectively reach out to more people. More people equals more money (see above).
That’s “direct marketing,” per se. There’s an additional benefit for spammers to target social networks: Google PageRank. By placing their links with strategically placed keywords to their own Web sites, they rank higher in search engine results. Almost every social network has Web-based profiles, which Google likely crawls daily, so even if the profile gets deleted, they still receive the benefit.
The problem now is the cost still hasn’t outweighed the benefits of spamming. It’s still relatively easy to develop scripts to automate friend/buddy requests, it’s relatively easy to post content on illegitimate accounts, there’s little or no penalty for getting caught, especially if you hijacked another user’s computer via a trojan or have an army of “botted” machines (botnets) to carry this out.
Last week, I received my first Facebook spam. It was so creative, it went something like this, “hi! my name is maria and i live in your area. view my pics here.” I forwarded it to their abuse department, but I have a little feeling that spam will only continue to grow on Facebook.
The bottom line, spam not only upsets your users, it can risk the integrity of your metrics and subscribers (e.g. If you had 5000 spam accounts but only 1000 users, advertisers wouldn’t be too pleased.)
What’s the solution to spamming on social networks?
- Rate Limiting: There is not one person who needs to add more than 50 or so friends daily. It just isn’t realistic. Rate limiting can be based on the account’s age, the number of existing connections and the number of reported violations it has.
- Easy Reporting Functionality: Make it easy for your legitimate, passionate users to report spam in no more than one click. Any more than that, it’s an inconvenience and a disservice to users. As an example of this in action, AOL has the Report Spam button on AOL 8.0 and newer. From the reporting, tally the accounts that get numerous reports and use an automated mechanism to lock it down and delete all activity from it. Remember, you’re fighting spam, not acquiescing to it.
- Filter All Hyperlinks, Use ‘rel=nofollow’: Take away the benefit of PageRank and preserve you’re domains search engine optimization by using the new HTML attribute rel=nofollow in your hyperlinks that users create. Further, archive hyperlinks and whack them for spam, and use it when identifying abusive users. MySpace has done a great job at filtering malicious or otherwise spammy links by renaming them, obfuscating the actual URL with Base64 encoding, and can warn users or disable links that are being used inappropriately.
- Engage ISPs in Addressing Abuse, or Block them: Just imagine if MySpace blocked Comcast, ATDN or Cox? Think of the mess that would cause the ISP when millions of pre-teen users call their support lines and complain they can’t access MySpace. Not a pretty picture — so make reasonable alternatives to notify ISPs of abuse of their customers when spamming, block IPs, or neighborhood-level subnets. Again, you are defending your network from abuse, not acquiescing to it.
- Educate Your Users: Probably the most important aspect to fighting abuse is proactively educating your users on how to properly report abuse, let them know what to expect and point them where to find help. Educate them by “official” means like e-mail, or other programmed spots on the site that will grab their attention so they learn how to protect themselves. AOL over the years has made it very clear [link to my older work blog] to novice users on how to identify and report abuse watermarked on their products as well an online area [AOL/AIM account required to view] to learn more.
- Adapt: Spam methods change, user experiences change and solutions that worked yesterday don’t work today. Always be re-assessing your vulnerabilities and listen to your users and adapt your techniques to be one step ahead, at all times.
That’s my suggestions to any social network who wishes to mitigate the spam problems and defend their network’s integrity. However, there are probably some additional suggestions (or disagreements) so sound off in the comments below.
