Membership Abuse
Most of you have probably implemented some type of security measure at some point in your coding career. These range from authentication and data validation to preventing unauthorized template access, but have you ever coded to prevent abuse of members by other members?
I code a site that has a decent membership. The site requires email validation as a first step in verifying that the member has a valid email. The site features forums as well as an internal mail system. Since site membership is free, having any further validation without going all big brotherish is out of the question, so I must resort to softer measures. Lately I've had members from foreign countries try spamming members with scams similar to the Nigerian 419 scam. So to protect the privacy of the members, how do you ensure that your members have an enjoyable experience?
Here are a few ideas to ponder.
Have a Terms of Service (TOS) agreement:
Clearly state in a document somewhere on your site what the site will and will not allow. You don't need to have a lawyer to do this, but if you can afford one, do. I believe any website that allows user input of any kind should have some sort of TOS in place. There are also plenty of examples of TOSs on the web that you can use for ideas. I suggest an unobtrusive footer link to this document.
Limit Alarm:
A limit alarm fires when a member has exceeded a normal amount of a specified activity, such as posting the same item many times to a forum, or sending multiple mailings to every member of your site. You can also set a quantity vs. time check to avoid someone coming on and spamming the entire membership. The alarm could range from a notification of possible abuse to the administrator to an automatic deactivation of a feature for a specified time.
Bayesian Filter:
Usually applied to incoming email, a Bayesian filter could also be applied to forum, blog or internal email system postings. I'm personally still exploring this one, as most of the existing filter code currently ties directly into a mail system. I haven't found any Bayesian filters targeting a forum or database content such as an internal mail system.
Individual User White List and/or Black List:
Similar to what you see in your IM clients, this is a way for each member to either allow specific members to contact them or ban a member that has acted inappropriately. I also suggest an administrator ability to view a master ban list with ban counts for possible further action.
Community Policed:
Provide easy methods for your members to report problems with other members, as well as a visible rating system such as a thumbs up count by other members. I'd stay away from any negative rating system so as to avoid a range of hassles (including legal). Let a good rating stand for itself and allow members to revoke their endorsement of a specific member.
Don't forget the Law:
The FBI and DOJ can be your friend. Since I have a semi-closed system, any spammer or con artist that gets in far enough to try to spam or con is probably a great target for a sting, especially if you have a valid return email address and the closed system may provide a false sense of security to the offender.
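
The limit alarm idea above, sketched as an added example (not code from the site described in this post): a sliding-window quantity vs. time check per member and feature that notifies the administrator at one threshold and deactivates the feature for a cool-down at a higher one, or when the same content is repeated. The class name, thresholds and feature labels are assumptions.

```python
import hashlib
import time
from collections import defaultdict, deque


class LimitAlarm:
    """Quantity-vs-time check per (member, feature); thresholds are assumed values."""

    def __init__(self, window=600, warn_at=10, suspend_at=25, max_dupes=3, cooldown=3600):
        self.window, self.cooldown = window, cooldown        # both in seconds
        self.warn_at, self.suspend_at, self.max_dupes = warn_at, suspend_at, max_dupes
        self.events = defaultdict(deque)   # (member, feature) -> (timestamp, digest)
        self.suspended_until = {}          # (member, feature) -> unix time
        self.admin_queue = []              # notifications for the administrator

    def record(self, member, feature, body, now=None):
        """Return 'ok' or 'warn' (allow the action), 'suspended' or 'blocked' (refuse it)."""
        now = time.time() if now is None else now
        key = (member, feature)
        if now < self.suspended_until.get(key, 0):
            return "blocked"               # feature still deactivated
        q = self.events[key]
        while q and q[0][0] <= now - self.window:
            q.popleft()                    # forget activity older than the window
        # Normalise case and whitespace so trivially edited copies hash the same.
        digest = hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()
        q.append((now, digest))
        dupes = sum(1 for _, d in q if d == digest)
        if len(q) >= self.suspend_at or dupes > self.max_dupes:
            self.suspended_until[key] = now + self.cooldown
            self.admin_queue.append((now, member, feature, "suspended", len(q), dupes))
            return "suspended"
        if len(q) == self.warn_at:         # notify once as the count crosses the line
            self.admin_queue.append((now, member, feature, "warning", len(q), dupes))
            return "warn"
        return "ok"


if __name__ == "__main__":
    alarm = LimitAlarm(window=60, warn_at=3, suspend_at=5, max_dupes=2, cooldown=300)
    # Constructed sample: one member mailing the same text to many recipients.
    for t in range(4):
        print(t, alarm.record("member42", "mail", "Dear friend,  URGENT business", now=t))
    print(alarm.admin_queue)
```

Call `record()` before delivering each post or internal mail and deliver only on `ok` or `warn`; `admin_queue` stands in for whatever notification channel the site uses.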

