Google, among others, publishes an API which allows one to find out if a given internet resource is associated with spam or phishing.
It’s intended to run on browsers, however there’s no reason it couldn’t be used to help identify spammers and others who join forums with ill intent.
I’d like to see this in core, but I’d understand if this was pushed off as a plugin:
- Users below a certain trust level have all URL and URL-like text checked against this service. Certainly anything the system turns into a link, onebox, or otherwise. If they come up hot, then the post is put into a queue and NOT posted by default. The queue is then reviewed by the moderators and allowed or disallowed and other actions taken as appropriate.
- Users above a certain trust level are warned if their post contains a link which has been identified as spam or phishing, but they are not prevented from posting it.
- When such links do appear in the forum (whether via approval from moderator, or from a trusted user) they are hidden behind “Click to reveal possible spam/phishing link” which must be clicked before it can be clicked again in order to go to the target.
This may seem like overkill, but it can be automated, provides a significant level of protection for forum users, and makes it that much harder for users to abuse forums for personal gain or amusement.
I’d rather see it in core than a plugin simply because I’d like all discourse forums to be safe by default. I suppose it would be quite low on the priority list, but please consider adding it as an intended core feature.