155

We’re testing this on Super User as of October 23, 2025

We’ve activated the anti-spam measure on Super User as a trial run. The Super User mods were excited for their site to be our test subject, and we’re excited to turn this thing on and see how well it works. We’ll be monitoring the effectiveness of this tool closely and working to improve it as we observe results.

We’ve also made some improvements to this initiative in response to your feedback, and we’d like to share some of them with you.

Recently Auto-Flagged Spam Dashboard

You asked for some logging/transparency, so we’ve created a dashboard for moderators to view how the anti-spam measure is doing on their site. We’re still considering opening up visibility into this dashboard to, for example, users who have the “access to moderator tools” privilege (10k+ rep), but discussion about that can happen later. Here’s how it looks for now:

Image of the recent auto-flagged spam dashboard, which is a table of posts with denoted current statuses. Posts that have a pending automatic spam flag on them will indicate how many pending flags it has in a status column. Posts unilaterally deleted by this system have a binding flag status in the status column. Posts that were non-binding flagged by later deleted by spam flags show as "deleted via vote". Posts that were automatically flagged but had deletion overturned have a status of "Overturned". All posts will indicate whether they are deleted or not with a deleted badge.

Posts will show up here if the anti-spam measure determines that, at a minimum, a non-binding spam flag should be raised. Here are the possible statuses that items in this dashboard may have:

Image of the status column’s information icon, expanded to show: Binding flag: When the system casts a binding spam flag on a post that is still deleted Overturned: When the system casts a binding spam flag that is later overturned Deleted via vote: When the system casts a non-binding spam flag on a post that goes on to be deleted via community vote 1 pending flags: When the system casts a non-binding spam flag, displays the active count of pending spam flags

We have future improvements planned for this dashboard, such as the ability to filter this view by status or by whether or not the author is a deleted user, which should aid viewers in auditing the system’s evaluations.

Improved post notice for recipients

You wanted a post notice tailored for spam deleted by this system, so we’ve built a post notice for situations where we’ve cast a binding flag on posts that the system confidently determines to be spam. When a post is unilaterally deleted as spam by this system, the post notice is changed to be more explanatory:

Image of the post notice for an automatically deleted spam post, which says: This post is hidden. Our system automatically deleted this post as it's highly similar to recent spam. If you feel like this was done in error, please flag for moderator attention and explain why this deletion should be overturned.

All onlookers receive this wording, not just the post author, so all users are encouraged to say something if the deletion was inappropriate.

Plans for follow-up after the trial run

Once we’ve collected data on how well we’re doing in defending Super User against spam, we’ll be creating a new post that will detail those results and any further improvements we’ve made to this initiative. On behalf of the moderation tooling team, thank you all for the feedback you’ve given to us so far!

Original announcement:

TL;DR

Many spam posts come to the platform in large, organized waves and are typically composed of a small number of very similar posts. We have developed this tool to review recently deleted content, detect anything new that is similar to it and take care of it via a set of automations.

To better protect the network of sites from spam, we will soon be releasing a new automated system that will be able to identify significantly more spam that would otherwise evade existing spam detection and delete it without any user/moderator action. We anticipate the work on this system being complete by early October.

How It Works: Leveraging recent spam

The core idea behind this new tool is simple: if a new post looks very similar to content we’ve recently removed for being spam, it's likely spam too.

To accomplish this, we're creating two constantly-updated lists of known spam content:

Per-Site Pool: The 100 most recent posts deleted as spam on each individual site. This helps us catch spam campaigns targeting a specific community.

Network-Wide Pool: The 500 most recent posts deleted as spam across the entire Stack Exchange network. This list will help us catch spammers who post duplicate spam across multiple sites.

Whenever someone makes an edit or creates a new post, the system compares it against all the posts in these two pools. This comparison calculates a similarity score that tells us how closely the new content matches known spam, and depending on how close in score it is, it takes an action on it.

Possible Actions Based on Similarity

If a post or edit is very similar, the tool will take action. The exact action will depend on how confident we are that the content is spam. Possibilities include:

  • High Confidence: Cast a single non-binding spam flag
  • Very High Confidence: Cast a binding spam flag resulting in deletion.

Our testing thus far has shown that very high similarity scores are a reliable indicator of spam, giving us confidence in taking decisive, automated actions. For legitimate users who believe their post was incorrectly blocked or deleted, the existing channels for appeal will be available.

What's next?

This new tool is designed to complement existing anti-spam tooling, enhancing the network's defense against spam and increasing the total amount of spam caught by automation. It will support existing community work, such as anti-spam projects like the Charcoal team. By automatically and immediately catching a significant portion of repetitive spam, we can free up time for moderators and other community members. We have additional plans to continue to address spam and will share more on those as they progress.

If you have questions, feedback, or thoughts related to this, please feel free to share. We will be monitoring this post for feedback until October 2nd, 2025.

Improve this question
19
  • 2
    Is it fine for multiple questions in one answer or would you prefer we split them up? Commented Sep 18, 2025 at 17:03
  • 2
    @cocomac Either is fine. I imagine I will have to take most of these questions back to the devs to get concrete answers anyway. Commented Sep 18, 2025 at 17:17
  • 20
    It seems like SuperUser is no longer swimming in spam. Is this why? Commented Sep 18, 2025 at 23:04
  • 20
    I asked, apparently not. They just... stopped? Commented Sep 19, 2025 at 0:59
  • 5
    @JourneymanGeek I don't think most of the SU spam was posted by real people. It's likely they have some autoclicker scripts that probably broke due to some underlying frontend code change. I'm sure they'll be back at some point.. Commented Sep 19, 2025 at 4:36
  • 1
    There was proof it was. Still - it is unrelated to these changes afaik Commented Sep 19, 2025 at 5:09
  • 9
    @Velvet it happens but it's quite rare. Most likely way to get a user with some rep posting spam is when the account was hijacked or sold. But some spammers also try to establish themselves by posting legitimate looking posts for a while (nowadays, it's frequently AI generated posts). Still, either of those are quite rare and it's probably fine to leave those to humans to detect and handle. The system here is best suited for the mass spam we see that can only really come from new accounts. Any spam campaign with established accounts would be very short once those are burned through. Commented Sep 19, 2025 at 14:52
  • 11
    @RebeccaJ.Stones Nope, not this. We won't be turning this on till sometime early next month. Commented Sep 19, 2025 at 19:55
  • @RebeccaJ.Stones they seem to be back. I wonder if its was a holiday in india and the spammers were taking a break Commented Sep 20, 2025 at 2:55
  • 7
    Curious about how the 100 was chosen, and whether it will be adjusted over time. A spammer could easily adjust their approach to simply lower their posting rate to fly under that radar. Commented Sep 21, 2025 at 12:14
  • 1
    @ElementsInSpace "proactive" as in "not waiting for users to report spam", presumably. Commented Oct 3, 2025 at 8:17
  • 3
    @SteveBennett That scenario is probably fine. It just leaves us where we're at right now. What we really struggle with is big spam waves where we might even get hundreds of posts per hour. Stopping those will be a huge leap forward in terms of fighting spam. Rooting out a spammer who posts once a month is, comparatively, not that big of an issue. Commented Oct 3, 2025 at 10:08
  • 2
    @DanGetz Still being worked on, we are pretty close to be able to test. I think we might be able to do that by the end of this month, but I will check for more concrete details. Commented Oct 14, 2025 at 21:07
  • 1
    @DanGetz: It's now in testing on Super User. See the updated announcement. :) Commented Oct 23, 2025 at 17:29
  • 1
    @cocomac I'll get that filed. Cheers. :) Commented Oct 23, 2025 at 18:42

8 Answers 8

Reset to default
55

Accuracy data

The exact action will depend on how confident we are that the content is spam. Possibilities include:

  • [...]
  • Very High Confidence: Cast a binding spam flag resulting in deletion.

Our testing thus far has shown that very high similarity scores are a reliable indicator of spam, giving us confidence in taking decisive, automated actions.

Could you show us the actual data?

For a binding flag, I'd really like to know the data (e.g., the historical TP/FP rate), as a binding flag is much more significant than just a single non-binding spam flag.

Logging/transparency

Can the flags cast (binding/not-binding) be logged somewhere that humans can review? A chatroom, similar to CHQ,for example.

SmokeDetector has human review, and it pings the users who had their accounts cast autoflags if an FP is gotten on an autoflagged post.

Overlap with SmokeDetector autoflagging leading to unintentional immediate post deletion

There's a potential for conflict if this system and SmokeDetector both attempt to cast non-binding flags on the same post, but combined, the combination of the two deletes the post immediately. There are various reasons there's limits on the flags we cast, and implementing this as a separate system (instead of as a new SmokeDetector rule that integrates with SE's system) means that those limits are bypassed.

While SE can, of course, decide to ignore this, I'd suggest that someone carefully consider this possibility and its implications.

Improve this answer
5
  • 23
    Can the flags cast (binding/not-binding) be logged somewhere that humans can review: That should be a MUST Commented Sep 18, 2025 at 17:25
  • 31
    Logging/transparency: As part of the release of this feature we're going to be pairing it with a dashboard that lists recently-deleted spam posts along with information about whether it was caught by this anti-spam measure, which we'll talk more about later. Initially we'll be limiting access of this dashboard to staff as we monitor its first efforts, but we'd like for moderators to have access to it as well. We've also had discussions around opening it up to 10kers or other network power users (Charcoal people immediately come to mind), but we're not ready to commit to that just yet. Commented Sep 18, 2025 at 18:08
  • 33
    Overlap with Smokey: We had a lot of discussion about this. In the end, we determined that if Smokey's quite confident it's spam (e.g. 3 automatic flags from Metasmoke, which is how many get raised in non-spam-wave, but high confidence, scenarios) and we're at least quite confident it's spam (enough to raise a non-binding flag), then we're comfortable with it being deleted instantly. Doubling-up with Charcoal's confidence is something we're okay with, but we'll be monitoring closely. Commented Sep 18, 2025 at 18:09
  • 2
    @Spevacus It probably comes down to how many false positives that get auto-deleted there will be and how many falsely deleted posts we all on average want to tolerate. Probably it's better to not instantly kill some non-spam posts and let some spam posts live longer than the other way around. One would need to see it in action and maybe do some quality control, which users can't do in case of deleted content. Commented Sep 19, 2025 at 6:35
  • 22
    @Spevacus Why would you prevent mods from accessing it initially, though? I can understand wanting to limit access but mods are more likely to have the time to actually review and act on the list than staff will. Commented Sep 19, 2025 at 15:05
25

The site I moderate is the worst affected (in aggregate, but we don't get hit by the big waves) - and a good part of our spam mitigation strategy involves destruction of spammy accounts. We have good informal tooling, and I'm trying to best adjust our workflows to this new tooling.

One of the more useful tools in identifying and destroying current spammers is seeing which users got flagged and going through users with more than 3 (I'd assume y'all would know where it is, under) flags, and community reporting.

So - is there somewhere I can check if a post has a binding flag, is destruction still a good way to stop a spammer, and would accounts that have been flagged as such have greater weight in other spam prevention measures?

Improve this answer
14
  • 6
    Let me know if any of these answers don't go far enough: 1. Like I said here, we have plans for a recently-deleted-spam dashboard, which you can use to administer fire judiciously if you want. 2. Destruction will still be a good way to stop a spammer, even if this new measure stops a post. 3. Accounts flagged in this way still feed into SpamRam which has its own rules, but helps. Commented Sep 18, 2025 at 18:21
  • Clarification/fr 1. Would there be a way to filter posts we have nuked the poster and if not could this be included? Commented Sep 18, 2025 at 18:24
  • 12
    @JourneymanGeek Assuming you're asking for an optional way to filter out deleted/destroyed users, that's something I can let them know is desired, yeah. I'll make a note. Commented Sep 18, 2025 at 19:22
  • It's helpful to destroy users so they can't come back and post more spam. Currently it's easy enough to find red-flag deleted posts (through search) it's hard to find red-flag deleted posts by users who have not been suspended or destroyed without manually going through every post @Spevacus | If more posts are being deleted without a moderator looking that makes it likely there will be more accounts not addressed through mod message or profile destruction. Commented Sep 18, 2025 at 22:37
  • Bit of clarification - we have a bunch of things the moderators on super use do differently, like community-sourcing reports and a few additional processes. Currently some other sites have started to use use similar processes but practically our tooling and techniques are very informal, and possibly unique to parts of the super user moderation team. It isn't tooling used by most mods, even if nothing we use is unavailable to other sites. Commented Sep 19, 2025 at 13:40
  • 1
    @HenryEcker The search results list the username and reputation of the poster. This should make it fairly obvious if the user was destroyed and should at least allow mods to only investigate users with a reputation of 1. But (unless it's changed) destroying doesn't prevent users from coming back. They can always recreate the profile and post again (when the suspension runs out). I don't know whether that ever happens but I'm not sure anyone's ever checked. It's likely easier for spammers to create new accounts than maintain a spreadsheet of when old accounts can be used again. Commented Sep 19, 2025 at 15:12
  • @Catija I'm not overly concerned with spammers coming back after the suspension which I do see occasionally. However, I regularly see accounts that are not destroyed come back and post more spam, in days, months or years later from the same profile. I am in favour of increasing their overhead by at least requiring them to use a separate email address or going through the account creation workflow as a way to slow things down. But what I did mean to say was "destroying the account so that profile can't post more spam" Commented Sep 19, 2025 at 20:24
  • While it is true that it lists the reputation in search, I personally don't find it "fairly obvious" to see already destroyed accounts especially now that deleted users are linked form the question page. Previously it was really obvious because the destroyed accounts weren't linked. But since many spammers use the default username literally the only difference in the list is some of them are like user1234141 1 vs user1231541 and at a glance it's hard to tell that the first one has an extra 1 at the end for their reputation. Commented Sep 19, 2025 at 20:24
  • @HenryEcker destroying the account isn’t a concept that exists - what do you think it means? Probably the closest thing is deleting the account… but that would make it possible for them to reuse the email for a new account. If you mean something more like a network suspension that lasts for decades, that currently requires a CM. Commented Sep 20, 2025 at 1:01
  • 1
    @Catija On Moderator menu there is a Destroy user (includes content) link and a Delete user link, so the UI makes destroying a user a concept. Commented Sep 27, 2025 at 0:38
  • 1
    @avpaderno Cat's probably familiar with the mod tools. I think the confusion is over how per site and network wide accounts/profiles are described. Commented Sep 27, 2025 at 0:44
  • @JourneymanGeek There should not be that confusion when a moderator speaks of destroying a user because moderators cannot take any action on network accounts. Commented Sep 27, 2025 at 0:50
  • @avpaderno Henry specifically says "Destroying the account so that the profile can post more spam" - so there seems to be no confusion there. It seems to be about the actual account, not the specific profile. Commented Sep 27, 2025 at 16:42
  • 1
    @Catija Outside Stack Exchange, user, account, and profile are used interchangeably. The only way to avoid confusion is to speak of network account and user profile. My first comment said something different, though. Commented Sep 28, 2025 at 11:44
20

It's good that there's investment in tools that actually help communities, and that it's a network-wide investment rather than something focused on Stack Overflow.

However, I do have questions.

First, why only take advantage of recent posts deleted as spam? This is a text classification problem that could be done with supervised classification, and the network has a wealth of data - over 17 years of data on Stack Overflow alone. There are also continuous learning techniques to continue to retrain the models. There may be a data quality issue, but as a moderator on three sites, I'd be willing to volunteer some of my time to verify posts deleted as spam on my sites, and I suspect others would be willing to contribute time as well. Limiting to very recent spam feels like it would limit the usefulness of this tool.

From a technical perspective, are there any plans to write technical blog posts about this implementation? Since the platform is on Google Cloud now, I'd be interested to know if any of Google's AI/ML offerings are being used and how they are being used to solve this problem at Stack Exchange network scale.

For high-confidence posts, those would result in moderator review (unless there were enough other non-binding spam flags to handle the post immediately). For binding spam flags, there's probably something in a moderation dashboard somewhere to review them, but I'm not sure where it would be. Are there any plans to make automated actions more visible to moderators, if not high rep users, to be able to verify them? I suspect that a user may be able to cast a flag (or, if they have enough reputation, ask on meta), but this seems to be an unreasonable expectation.

Improve this answer
13
  • 3
    I imagine the infrastructure for this simpler system might be reusable later for something ML based, should they decide to go that direction. Commented Sep 18, 2025 at 17:52
  • 12
    Machine learning for spam detection has been in use for decades at this point, but I think this is tackling the problem from a different angle: rather than a single test for "is this spam?" it's testing "is this a duplicate of $recentSpam[0]?", "is this a duplicate of $recentSpam[1]?", and so on. That's fundamentally not scalable (you can't run millions of comparisons against every new post), but it's useful as an additional tool, with just enough memory to detect the "organized waves" frequently seen on the network. Commented Sep 19, 2025 at 11:06
  • 6
    Analogy: trying to stop shoplifters stealing from your shop. You can train your staff to look out for certain suspicious behaviours (rule-based filtering); you can review footage of shoplifters to identify things they have in common (machine learning); but you can also distribute photos of known individuals to look out for (comparison against recent examples). The three approaches compliment each other. Similarly, the network already has various tools in place (SpamRam, Charcoal/SmokeDetector, etc), which this new tool is going to complement. Commented Sep 19, 2025 at 11:22
  • 1
    @IMSoP Maybe. Before this, we didn't have spam detection in place and relied on users (or SmokeDetector) to flag it. On three sites and over 13 years moderating, I would find the first option - asking if something is spam - far more broadly applicable than the second - detecting if something is similar to recent spam. Both could be useful, but asking if something is spam would both catch one-off spam as well as mitigate many spam waves. So perhaps this is a good question: When are we getting the first? Commented Sep 19, 2025 at 11:24
  • 1
    @ThomasOwens SmokeDetector is automated spam detection. Having it run by staff rather than volunteers wouldn't fundamentally change its accuracy. The more general you make a detector, the more complex it is, and the higher the risks of false positives; so supplementing that existing tool with one that is narrowly targeted at a particular case makes a lot of sense. Commented Sep 19, 2025 at 11:32
  • 1
    @IMSoP Maybe it wouldn't change its accuracy. But there is something to be said for integrating the functionality into the platform. It should make it more robust to platform changes, easier to integrate into new features, and integration into dashboards and queues for permissioned monitoring/review. I don't consider SmokeDetector to be a given - it's been turned off before. Maybe this makes sense as a first step, but a platform-integrated SmokeDetector is far more useful to me than this. Commented Sep 19, 2025 at 12:20
  • 1
    @ThomasOwens I don't think this is a "first step" to anything. If SmokeDetector had been built entirely by SE Inc, or integrated by them years ago, this would still be a useful, separate, feature. Commented Sep 19, 2025 at 13:07
  • @IMSoP I think you're missing my point. I hope that this is a first step in that it's covering a gap in SmokeDetector and that the second step is ultimately replacing SmokeDetector with functionality integrated into the platform. As it stands now, for the three communities I moderate, having this feature isn't that useful to me. I do know that certain communities have faced spam waves, but it's not a network-wide problem. Commented Sep 19, 2025 at 14:02
  • 2
    "Before this, we didn't have spam detection in place and relied on users (or SmokeDetector) to flag it." - Then what is SpamRam? Commented Sep 19, 2025 at 14:16
  • @dan1st I was under the impression that SpamRam was based on flags on accounts (across the network) that restricted or prevented the ability to post or create new accounts if there were spam flags cast. Things like adding restrictions to new users on sites if the network account was spamming or rate limiting an IP address (especially where you don't need an account to post). I don't think it has anything to do with post contents. Commented Sep 19, 2025 at 15:04
  • 2
    A lot of spam does get blocked automatically, see meta.stackexchange.com/a/406370/334566 Charcoal deals with what spam manages to get posted despite those automated systems that Rosie mentioned. Commented Sep 20, 2025 at 10:37
  • 3
    As far as your second question goes, we have discussed doing a follow-up post on how it's going/working. I will float the idea of a technical deep dive, though. Those can be fun, just depends on dev bandwidth and marketing stuff. I can get it on product markets radar, though. For your other two questions, I will have to circle back. I was out on leave for part of this tool's development, so I'm missing a few of these pieces. Commented Sep 23, 2025 at 14:01
  • Comparing to all spam instead of only recent spam might not be worth the extra CPU time. Spammers tend to change their methods over time, so most spam today won't be similar to spam from two years ago. Commented Oct 3, 2025 at 18:27
18

Does the new tool have some name?

It is a bit awkward to talk about it as "the new tool" or "the new anti-spam measure" and other verbose descriptors, rather than a name. Compare it with "SpamRam".

Improve this answer
7
  • 13
    I propose the CLONE CRUSHER, Commented Sep 19, 2025 at 13:37
  • 2
    @JourneymanGeek I like your suggestion. Nonetheless, since, at least in certain ways, we're basically in a "war" with the spammers, I would also consider "The Clone Wars" 😁. However, that would very likely confuse everybody with the well known previous instance where this term has been used, not to mention that this would be more descriptive of how this new tool would be used, rather than what it is or does. As such, I consider your suggestion to definitely be a better choice than mine! Commented Sep 19, 2025 at 15:30
  • 4
    @JohnOmielan considering they don't want to call the roomba the roomba, maybe having a legally distinct name would be good ;) Commented Sep 19, 2025 at 15:40
  • 1
    "Spam Assistant" Commented Sep 19, 2025 at 15:41
  • "SpamAssassin". Although on a quick search there is already spamassassin.apache.org Commented Sep 20, 2025 at 6:18
  • 14
    "Spam Post Automatic Mitigation," or SPAM for short? Commented Sep 22, 2025 at 14:31
  • 1
    I like that but would like to propose adding a "C" to it for CSPAM or Clone-SPAM to distinguish it from the more generic meaning and have non-insiders not mistake it as a universal anti spam tool. Commented Sep 30, 2025 at 10:26
16

I've previously voiced some concerns and offered suggestions about this project and - while some of them have been addressed (thanks!) - I think there are a few things that need more transparency for both posters and moderators.

For the posters, you say:

For legitimate users who believe their post was incorrectly blocked or deleted, the existing channels for appeal will be available.

A couple of things - you're not "blocking" any posts. Yes, that was considered but that seems to have been set aside (rightfully, in my mind). You're either deleting or flagging, the latter of which shouldn't lead to deletion for legitimate posts.

While it's true that users can go through the existing channels, it also requires that the user be aware of this issue. Flagging is easy to miss by many new users and it's unclear to me that users would consider flagging to be a way to get help in the case your post is deleted by the system. I would encourage y'all to create an OP-specific post notice that explains why the post was deleted and how the user can request review by a moderator. This could look something like:

Our system automations determined that this post resembles recent spam and was deleted. If this was in error, request that this be "looked at by a moderator" through the "flag" menu on the post and explain why it should be undeleted.

Additionally, are you putting any reputation-based safeguards in place? It seems uncommon for spam posts to come from users with more than 1 reputation, so I could imagine reducing false positives by downgrading a "very high confidence" deletion to only raise a single flag.

For moderators, a comment says:

Logging/transparency: As part of the release of this feature we're going to be pairing it with a dashboard that lists recently-deleted spam posts along with information about whether it was caught by this anti-spam measure, which we'll talk more about later. Initially we'll be limiting access of this dashboard to staff as we monitor its first efforts, but we'd like for moderators to have access to it as well.

I'm not sure I understand why mods shouldn't have access to this dashboard from the start (or why the dashboard wasn't mentioned in the question). I can understand limiting it to mods and then later expanding it to 10k users (and I specifically suggested this as a way to augment the 10k tools when discussed on the Mod Team) but I don't understand why you'd hamstring the mods in this way during the initial release.

Many tools pages have different actions based on user type - such as the blocklist page - so if you don't want to give mods actions you're considering building into the page, you can solve for that by special-casing the page by user type. Mods will need easier ways to review these deletions as they may otherwise go unnoticed by the mods. I don't think staff will be reviewing these lists across all 180 sites - please let the mods have access from the outset.

Hopefully, this tool will reduce spam wave duration and post volume significantly, which means it's more likely that mods and other engaged users will be unaware of what's going on, leading to reduced engagement in the oversight tools you create. One thing I think would be helpful is a way to ensure mods are aware that a spam wave occurred (or is occurring) on the site. This could be done as a new autoflag that is triggered when more than n posts are deleted in a period of time but you'd also want to allow it to scale to avoid constant flags that mods can't really do much about.

Let's say the system deletes 5 posts in the last few minutes, which would trigger the initial flag. Then to reduce the volume of flags, it could start counting and only raise additional flags hourly for each hour that met that minimum count of posts deleted. At the end of the first hour, maybe it reports "20 posts deleted as spam during this wave", and it continues every hour until the posts slow below the minimum trigger volume. If it was really fancy, once the wave has ended, it could raise a summary flag - "The spam wave has ended. Overall, 300 posts were deleted during this wave."

The flags can link to the dashboard so mods can review the posts if they wish and take any additional actions they deem necessary. I think it's reasonable to include all spam-deleted posts, not only ones deleted by the system.

I could also imagine this being implemented outside the flagging system, such as an RSS feed in designated chat rooms or something else like that but I'm not sure what the options might be. The issue with flags is that they can be dismissed by one mod, leaving the others in the dark - while that's not likely intentional, having something that's more informational and can't be dismissed for everyone by "handling" it would be better.

Improve this answer
3
  • 5
    Re: Explanation to OPs for del. spam - Something we talked about, and something we're trying to plan for. The post notice recommendation is precisely something we're floating. Not promising for an initial rollout, but the experience for users on the receiving end is something we're planning for. Re: Dashboard - Pretty sure the plan is to make the visibility of this dashboard configurable via site settings, so we can try and get mods dashboard access the moment this is launched, that's important and I agree. More eyes are better. We'll talk about it. Thank you for calling it out. Commented Sep 19, 2025 at 16:36
  • 2
    I'm thinking of the scenario where a genuine user gets a post mistakenly deleted as spam. Do they get notified when their post is deleted? Commented Sep 20, 2025 at 0:46
  • 4
    @PM2Ring there was discussion at some point about notifying users when posts were deleted but I don’t think it was ever built. Commented Sep 20, 2025 at 1:03
13

This sounds like a good idea to me. I note that you're looking to take some actions on edits, which in the past have been less protected. Great! I recommend you not cast an automatic spam flag against a post if the edit was done by a user who was not the post's author, including for Community Wiki posts. You can still log it somewhere, custom flag, etc.

Improve this answer
9
  • Why would any user edit a spam post? Commented Sep 18, 2025 at 18:56
  • 36
    @A.L - sometimes posts are not initially spam but then later edited and made into spam Commented Sep 18, 2025 at 19:21
  • 8
    @A.L An example of what devlin states: some spammers post answers that may seem related to the question - but they contain (or are later edited to contain) an unrelated product link. Good Samaritans might not read too closely, and end up editing the post in good faith. Commented Sep 18, 2025 at 23:29
  • 1
    Yep. In general, those spam accounts won't have enough rep to access the "edit posts" privilege, so their suggested edits are noticed and rejected via the review queues. Commented Sep 19, 2025 at 16:47
  • 1
    Thanks for the examples. So let's say one legit user edited a post yesterday, today the spam account edit its own post and add spam, the new system may raise a spam flag. And it shouldn't have any impact on the legit user who was the previous editor, like today? Commented Sep 21, 2025 at 13:53
  • @A.L post flags can only have automatic effects on the poster, not on editors. If a flag indicates a problem with an editor, that would have to be handled manually. Commented Sep 21, 2025 at 13:56
  • @DanGetz So, is this answer describing an event that should or will never occur? Commented Sep 21, 2025 at 14:32
  • @DanGetz It's about this part of the answer "I recommend you not take action against a post if the edit was done by a user who was not the post's author". Now that you ask, I'm not sure if "you" refer to the anti-spam bot from the question or the moderators. Commented Sep 21, 2025 at 14:42
  • @A.L thanks for clarifying. I meant the bot. I'll edit to clarify my answer. Commented Sep 21, 2025 at 14:49
12

Regarding Spam in SE Networks, we have some history with spam accounts on The Workplace. You may want to look into those efforts now that SE is taking more 'proactive' measures.

We have had Smoke Detector for a while now and it has been working well (kudos to the Charcoal team and @Makyen who is always there to support and help with Charcoal/Smoke stuff).

Some years ago we had a big spam user wave hitting us and I noticed a pattern: spam users were created, remained 'dormant' for a while, and eventually they activated and posted Spam, along with a Spamm-y user description and links (basically promoting a product/service).

At first I took upon the work of checking New Users created and go one by one and detect the ones that were obvious spammers and nuking them. However, eventually (I don't recall exactly when and with whom of the CM Team we talked to) the strategy changed: we were told to avoid nuking them and instead change their names to "SPAMMER", while also removing the spam content/links/profile pics.

This, as far as I understood, would help to still have those users around to study and learn about their nature and patterns. I still go hunting for new users now and then and give them the spammer treatment, but not as frequently as before as it is still very manual and time-consuming (and they keep coming regardless!).

My two cents on the things I think are evident signs of spammy users, and things that could be heuristics or criterion for Automated Spam detection:

  • Most if not all of them include a Profile Picture of a Company or similar.
  • Most if not all use their links for their company/product URL
  • Most if not all use their location as the location of the company/product
  • All of them include on their Profile Description such Spam content promoting the product/service

As a side note, I recently learned that SmokeDetector was/is having problems with SE servers limiting the access rates to chat pages (which hampers SD's job). I also recently learned that, apparently, SE already attempted to fix that (?) but now Cloudflare is again limiting and hampering SD's ability to do its job... maybe whitelist SD on Cloudflare or something? Disclaimer: my knowledge on this specific matter is not extensive so this paragraph might not be 100% accurate.

I think that supporting and helping existing efforts should be given a very high priority.

To conclude, I'm sharing some examples of the dormant users and the spammer treatment mentioned in this answer:

I literally went to Users > New Users > Creation Date and saw a clear example of a dormant Spam account (hasn't posted yet but their profile has Spam description and content). Here is a screenshot of that user's profile (I won't give the spam treatment to this one so you all can look at what I mean):

example of dormant spam user

I browsed a bit back in time and here is an example of a user that was given the spam treatment along with a screenshot:

user that was given the spammer treatment after being caught

Hope that this helps in the process of fighting Spam in the SE network!

Improve this answer
2
10

The payloads of these spam wave posts are mostly phishing scam contact numbers. Why do the spammers persist in posting even though the posts are usually deleted within ten minutes? The theory is that Stack Exchange is not actually the primary target, it's just a springboard. The scammers hope that their post gets scanned by a Web search engine crawler before it gets deleted on SE. That pollutes the ML data of the search engine, increasing the probability that the search engine will regurgitate the phishing scam number.

If that theory is correct then you could make Stack Exchange sites unattractive to those scammers by delaying the search engine crawlers, eg by increasing the crawl-delay parameter in robots.txt. Has this been considered?

Improve this answer
6
  • 2
    Do you think the spammers would even notice that? Commented Sep 20, 2025 at 5:39
  • 3
    @dan1st Fair point. I assume that the spammers measure their success by seeing how many of their posts turn up in search engine results. But I suppose they could just be saturation bombing us with spam and hoping that some gets through, without doing any testing. Such a strategy might be feasible if the spam were being posted by bots. But it appears that the spam wave stuff is posted by humans, probably using phones. So they probably want some way to test if a target site is a useful springboard. SE is currently attractive because our pages get indexed quickly by the search engines. Commented Sep 20, 2025 at 7:19
  • 7
    Crawled very quickly indeed. I recently posted an incomplete answer, then immediately edited to finish it, but while I was there, went to check my terminology in a separate search window. My partial answer was already on the first page of hits. Commented Sep 22, 2025 at 12:54
  • If this is an attack on search engines and AI companies and needs to be solved by adjusting the crawling, why should SO solve the issue and not the crawlers? They could easily ignore stuff younger than 20 minutes, as they can rely on dates on this site being correct. Commented Sep 24, 2025 at 11:45
  • @julaine Well, it's a problem for SE too, because we get spam dumped onto our sites. Normally, active sites want search engines to index them as frequently as possible. And if a site is popular then the search engines "reward" the site by crawling it frequently. If a site has some reason to want crawling to be delayed, the standard way is to set a crawl-delay in the robots.txt file. I expect that most Web site owners would not be pleased if Google etc just decided to crawl their site less frequently because of spam unless the site explicitly asked for crawling to be delayed. Commented Sep 24, 2025 at 12:36
  • 3
    @julaine Nirvana fallacy. While we wait for "nirvana" (search engines to do something about it), we're getting hundreds of spam messages per day. Some days thousands. The scammers have, in the past, crippled the ability of some of the smaller stacks to function by overwhelmig it with spam. So, please first explain - why shouldn't anything be done? Why should we endure what spam that verges on denial of service? And keep in mind the facts that Google hasn't really seen fit to do anything about this spam hitting its results. Commented Sep 26, 2025 at 16:24

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.