Do not allow TL0 users topics in email digest


(Tobias Eigen) #1

This is awesome. Thank you, @techAPJ! Does it mean no more spam generated digests on my quiet forum?

If someone who is TL1 or higher replies to or :heartpulse: a topic by a TL0 user, will it then include it and generate the digest?

https://github.com/discourse/discourse/pull/3148


When is the digest sent? How to prevent sending until spam is removed?
(Dave McClure) #2

I don’t think so… but I doubt that’ll be much of an issue in practice. Once they become TL1, if they post something good, it’ll get digested.


(Jeff Atwood) #3

@techAPJ does this cover both “Popular Posts” and “Popular Topics” in the digest?

Looking at the code it seems it only does the TL0 check on the topic creator? That handles “Popular Topics”, which is good… but what if a TL0 user writes a post that is in the “Popular Posts”?

Are we sure this is covered?


(Tobias Eigen) #4

that would be a shame on my forum - where we often get people coming in to introduce themselves and then disappear for a while. I understand not wanting spam automatically being distributed. But if someone signs up and posts something worthwhile and a trusted user likes it or replies, it should be distributed to everyone so they get a chance to see it whether or not they stick around long enough to get to TL1.


(Jeff Atwood) #5

There is a “risk” here that if your Discourse is mostly TL0 users, digests may not get sent.

But the risk of sending out TL0 spam is high, and severe – as that goes to everyone. So I think this security precaution is worth it.

(I’d also argue the odds of a topic or post by a TL1 user being worth sending out to a digest is much, much higher…)


(Tobias Eigen) #6

If a TL1 person replies to a topic started by a TL0 person, will a digest be sent?

… I do appreciate the thinking behind this and am extremely grateful for it. The spam I have been getting from discourse forums (not just my own!) has been a bit depressing and I’m glad to see the end of it.


(Dave McClure) #7

No, the logic is not so complex right now. It simply excludes topics that were created by a user currently at TL0.

The only way a topic created by a TL0 user could get into a digest is if they graduate to TL1 before the digest is sent.


(Arpit Jalan) #8

The popular posts are extracted from popular topics, so TL0 user’s post will not be included in “Popular Posts”.


(Lisa Wess) #9

The majority of our users are TL0 at the moment; something we hope will change over time but may not. We need those posts included in the digest. Spam is not an issue since we have Akismet. Is there any way to configure this? This is a a disruptive change for some of our users.


(Robin Ward) #10

This is a really good argument for making it a Site Setting. @techAPJ would it be much work to make it a site setting that defaults to TL1 but some sites could set to TL0 to include those posts?


(Tobias Eigen) #11

Or Lisa can lower requirements for tl1?


(Lisa Wess) #12

Oh you know what? We have our minimum set to TL 1 anyway so it’s not a problem for us. Sorry about that, thank you for considering the use case!


(Jeff Atwood) #13

TL1 minimum also means you are much more vulnerable to spam, for the record. Many of our spam protections are around sandboxing TL0 users.

(Signup protections would not apply since this is a SSO scenario.)


(Tobias Eigen) #14

I am struggling to wrap my head around a spammer episode on my discourse today - see some screenshots below. 6 hours ago a user who registered 52 days ago posted some spam, in the process earning some badges!

It does appear the spammer spent the requisite time reading posts on the forum before posting, so I really have no idea how to prevent this sort of thing in future. Drag. :frowning:

#Spam post created using “reply as new topic” and quoting another topic. This was sent out in the digest.

#Badges awarded thanks to spam post!

#Activity history of this user - actually spent 21 minutes reading the site, read 74 posts. Presumably then earned TL1 and then posted.


(cpradio) #15

Do you have the Akismet plugin installed? Maybe that would have caught the spam and not let it proceed to the email digest?


(Tobias Eigen) #16

No, I don’t have akismet installed and will take a look at that. I was hoping to avoid akismet as long as possible… I have found it to be cumbersome managing the false positives in other contexts, and have been so impressed by Discourse’s ability to prevent spam so far. sigh


(Jeff Atwood) #17

Well this user went to extraordinary lengths, even making it to trust level 1. That is quite rare.

I suggest banning larger IP ranges in Admin, Logs as needed. Most spammers do tend to come from certain countries…


(Tobias Eigen) #18

What about an option for moderators to be notified whenever someone reaches TL1? e.g. as the user gets their notification that they were granted the badge, the moderator gets it too?

My trouble with that is that my communities are set up to serve people from those certain countries. :slight_smile:

I’ve now installed akismet so we’ll see what happens there. Thanks!


(Jeff Atwood) #19

Most of your users are from Pakistan?


(Tobias Eigen) #20

No, but we do have members in Pakistan. In our communities we want to be welcoming to people from other countries, especially developing countries.