I operate a couple of Yahoo! Groups on topics like JSLint and JSON. I try to keep spammers out.
Four years ago yesterday I approved a membership. Yesterday, that member account posted spam. They waited exactly four years to the day before spamming.
Many reputation systems will consider length of membership when granting capabilities to members. That works when bad actors begin acting badly immediately. But it has no effect against the long game.
This is amazing, actually. I always assumed that the spammers are looking for a short-term profit. I guess that's mostly because a thriving community is usually a much better thing for all involved in the given topic than a few links to your website.
This is also another good reason for expiring inactive user accounts. Keeping the account active by periodically faking a meaningful activity would be so much harder.
+Radomir Dopieralski But if possible, would it be worth keeping the account? One spam message amongh 9 other constructive messages can be individually purged, and the result is still 9 constructive posts.
The account owner's intention is totally irrelevant. Any reputation system that takes into account membership duration will be ineffective against both takeovers of long-held accounts and incredibly delayed maliciousness.
Good spam is like fine wine. It costs quite a bit to set up an operation to collect, treat, and warehouse grape juice (or fake accounts), but the payoff increases with time. The intersection of the time-value-of-money curve, and the value-for-age curve is where you deploy.