Shared publicly  - 
 
Long Game

I operate a couple of Yahoo! Groups on topics like JSLint and JSON. I try to keep spammers out.

Four years ago yesterday I approved a membership. Yesterday, that member account posted spam. They waited exactly four years to the day before spamming.

Many reputation systems will consider length of membership when granting capabilities to members. That works when bad actors begin acting badly immediately. But it has no effect against the long game.
41
4
Chad Clark's profile photoJacob Alheid's profile photoMilton Baxter's profile photomatias berlot's profile photo
11 comments
 
Excellent general point. On the specifics, in this case can you distinguish whether it was really a long game or just a hacked mail account?
 
Or perhaps that account, registered with honourable intentions, was compromised and used for spamming.
 
Four years to the day would be tremendous coincidence for just a compromised account.
 
Actually sounds like the users account may have been ... 'commandeered' 
 
Even more difficult to manage when good accounts are hacked and you don't want to further impact the "innocent".
 
This is amazing, actually. I always assumed that the spammers are looking for a short-term profit. I guess that's mostly because a thriving community is usually a much better thing for all involved in the given topic than a few links to your website.

This is also another good reason for expiring inactive user accounts. Keeping the account active by periodically faking a meaningful activity would be so much harder.
 
+Radomir Dopieralski But if possible, would it be worth keeping the account?  One spam message amongh 9 other constructive messages can be individually purged, and the result is still 9 constructive posts.

http://xkcd.com/810/
 
Perhaps someone hijacked the member account in order to use it for spamming ... we all know about password security ...
 
The account owner's intention is totally irrelevant. Any reputation system that takes into account membership duration will be ineffective against both takeovers of long-held accounts and incredibly delayed maliciousness.
 
4 years is an awfully long game... but it wasn't long enough, as you were on to it in a day. Must have been a disappointing day for that spammer.
 
Good spam is like fine wine.  It costs quite a bit to set up an operation to collect, treat, and warehouse grape juice (or fake accounts), but the payoff increases with time.  The intersection of the time-value-of-money curve, and the value-for-age curve is where you deploy.