Tim, regarding your other post, if you don’t provide the information we’ve requested, it’s really, really tricky to know where to start diagnosing the problem.
EDIT: it looks like your reply was marked as spam automatically by the forum. I’ve just unspammed it.
I am running akismet, and hashcash currently, along with SI contact form. Anyone know if I can include WP-SpamFree ontop of those other plugins?
I had made a small plugin (question) on the registration page (if somebody needs, let me know). Tonnes of spam disappeared, but some strange spammers still register.
I noticed, that they have empty needed fields in from registration form. Therefore spammers register not from BP registration page. But from where?
Akismet, WP-SpamFree Anti-Spam, WP Hashcash, search for other anti-spam threads in thisforum
I know this sounds picky but those captcha images are really ugly.
crashutah –
– I will try to get around the FB Connect issue. I glanced at the code to see if I could understand the problem and I didn’t see it right away, though it’s more than likely the case (as you suggest) that FB Connect is not making full-fledged BuddyPress members (as opposed to the less fleshed-out WP users).
– I’m planning on making the group send invites tab visibility more fine grained, so sitewide admins can choose who will get to see it.
– Not sure I agree with you about people being used to comma-delimited fields – I can see my users getting terrified of such a phrase! Part of the reason for having separate fields is to prevent spam. It’d be easy enough to limit the number of permitted invitations with a comma-delimited list, but having separate fields makes it visually clear that you can only send a few at a time. On the back end, at some point in the future I will add the hooks and filters necessary to allow for address-book importing – the way the front end appears doesn’t really affect this functionality, as it all ends up getting stored as an array anyway.
Hi everyone,
I just checked in a trunk version with a bunch of fixes and new stuff. From the readme:
* Enabled Opt Out option for invitees
* Subject line is now customizable by the admin
* Admin can toggle whether users can customize subject line and message body of invitation emails
* Some localization bugs fixed
* Filtered spammers from group invitation list
* Fixed bug that may have caused problems with some MU limited email domain lists
* Email Address field is now auto-populated on Accept Invitation screen
If anyone feels like being an Outstanding Citizen and helping me out, they’re more than welcome to grab the development version https://wordpress.org/extend/plugins/invite-anyone/download/, deactivate and move their current version of the plugin, activate the dev version, and put it through the paces. I’m especially concerned to hear whether the opt-out feature works in the way that you’d expect.
Maybe it requires some backend server/email configuration to not get caught in the spam filter? The point being that person sent the request, they should get a response to that email if there is one.
– The Reply To idea is very good. I’m using wp_mail, WP’s built in mail function, which in theory should allow me to feed in some headers. I will give it a try – but no promises on this one, as I’ve had trouble making the WP default reply-to address work correctly in the past and don’t feel like tearing any more hair out over it 
This is a nice idea but I would tread carefully. it sounds like a classic SPF issue? my original problem at the start of testing this plugin were not receiving the emails that turned out to be our google business account marking them as spam, which wasn’t happening before but haven’t had a chance to track down what has changed.
Obviously I like this plugin a lot. Added it to my test site and everything went really smooth and easy. Just a few comments/bugs:
-It would be a great feature to customize the subject line (similar to the body). Would also likely want to include the name of the person requesting in the subject. As a side note, Facebooks email invite has a subject that says “Check out my photos on Facebook” Interesting way to get people to read the email.
-Email Invite should have the “reply to” from the person that invited them. Maybe it requires some backend server/email configuration to not get caught in the spam filter? The point being that person sent the request, they should get a response to that email if there is one.
-In the invite I sent it had an apostrophe and when it got to the email it shows the apostrophe with \’ in the email. Needs to be filtered/sanitized somehow?
-Would be really nice to have the email field auto-populated. Otherwise, people can sign up with a different email address and then it doesn’t update that the invite was accepted and that person never gets the group/friend invites (I tried). Granted, a lot of people have only one email, but would also save them time if it pulled in the email into the email registration field.
-Personally, I’d prefer it to just add the person to the group and make the requesting person their friend instead of sending them 2 more emails which could be confusing since you’ll get a total of at least 4 emails after activating (New Account, New Blog, Group Request, Friend Request). Maybe this could be an option that can be turned off or on.
Nice work. I love the person’s name on the registration page. I think touches like that could be expanded upon to really increase sign up rates.
Hashcash 4.5.1. doesn’t work for me anymore…
It does look like the spammers are starting to break through Hashcash again. I just got a new splog signup 11 minutes ago.
I give up, I’m just going to ban the proxies if its the only solution.
Do the rules need to be insert at a particular position in the .htaaccess?
The .htaccess solution posted above is working sweet for us.
Actually, because our site has such a wide niche and entices people to speak their mind, not sure that we want anyone from a proxy IP to have access anyway, so this kills two birds….
I had failed to do my code merge correctly
Never been a fan of CVS/Subversion, always get confused when it comes to merging,tagging, checking out, et al
Back to the Opt Out debate:
I’ll be updating our privacy statement to include, in the email address records section, acknowledgement that members can send invites to NON members and that those email addresses are stored in our DB but that we will remove any address on request.
As for the email I would be wanting a statement at the bottom of the email notifying the recipient that they may use the Site Admin link to request that their email address be removed from our DB records and no further emails be sent to that particular email address.
Checking through the Can Spam Act suggests that one of the primary compliances is for a clear and definite Opt Out notification.
The Act itself is, it’s to be noted, a Federal USA piece of legislation, so not necessarily binding on other countries, naturally emails sent to American addresses might be deemed to fall under the act but this area of international law and boundaries is a particularly gray area, but I’m going to have a chat with our legal chap to see what his position is on the Act, it’s probably a case though that it doesn’t hurt to reference it in the sent email.
PS: I think it is also interesting, that testbp.org now has a huge spam-problem too… Andy always mentioned, that it was ok… but it seems not anymore…
Hashcash 4.5.1. doesn’t work for me anymore… I had almost none spam-signups with the old version, but now there are alot! Maybe I will try the proxy-method mentioned above… (it seems, that it never is over… I thought I found a solution, but now I am flooded again 
)
hnla,
Whether legal or not, the feature would be a better user experience. Plus, I don’t know for sure, but I’m guessing that an “opt-out” link that removes your name from future emails would help to avoid getting your server blacklisted or filtered by the various spam filters as well. I’ll add it to my list to try and research some of the details for Boone so he can implement it the best way possible.
Not exactly sending emails in large quantities though, and as for Can Spam Act I would expect these to be emails being sent by members from their own contacts not a some random list they may have found, I might be inclined to point this out in writing to members though.
The functionality of this really needs to be kept simple and straightforward, with not too many bells and whistles – that can tend to confuse and overwhelm users.
“It’s possible to add a “I dont want to receive more invites” on each email? (like a unsubscribe link). This will solve a lot of headaches if someone start receive multiple invites from a lot of people.”
Actually something like this might be required by the Can Spam act. Not for sure of the details. I think we need to look at one of the Facebook emails and see what they have since certainly they’ve gone through a lot more work and effort to figure out how to send emails like this in large quantities.
Wondering if setting a quota? monthly? to the number that may be sent – not sure if there is any point to that but also mainly concerned with spammerish type issues arising and of trying to second guess non technical minded users managing to something very silly – not unkown
Excellent – and very glad to hear about the period-of-membership thing. If you have more ideas about how to allow admins to restrict visibility, let me know. I think it’s especially important for a plugin like this, which could quickly devolve into spammishness if left unchecked.
Hello to everyone following this thread. I just released version 0.4 of my Invite Anyone plugin, which, as promised, adds the invite-by-email feature.
https://wordpress.org/extend/plugins/invite-anyone/
Here’s what’s new:
– “Send Invites” tab added to the Profile section
– “Send Invites” has two subsections: Invite New Members and Sent Invites
– On Invite New Members, users can enter email addresses, a custom invitation message, and check off some groups that the invited member will receive invitations to when they join the site
– On Sent Invites, users can see all the invitations they have sent, as well as whether or not the member has accepted yet
– When a user accepts an invitation, they receive invitations to all groups to which inviter(s) have invited them, as well as a friendship request from each individual who sent an invitation
– A link is added to group Send Invites pages that goes to the profile Send Invites page and pre-checks the group’s box
– There’s a Dashboard panel for sitewide admins that allows them to control some of the default behavior of the Send Invites page, as well as the visibility of the Send Invites tab. You can create a blacklist of users who are not allowed to send email invitations (good if you have spammers in your community!), limit by blog role, or by length of time since joining the site.
It’s been fairly thoroughly tested, but it’s possible (likely even!) that there are still annoying bugs. Please let me know if you find issues or have suggestions.
I said I’d try and establish some test conditions to try and determine whether banned email domains were an issue in WP or BP, tests were not hugely conclusive sadly.
site running out of the box no modifications (WPMU / BP) – no anti spam measures in place. had been receiving ~ 10 -20 spam registrations daily (quantity of spam is governed to some extent by search engine ranking /prominence)
1/ Running WPMU 2.9.2 ALL BP plugins deactivated site open to user account registrations only.
24 hour period = no spam registrations at all – a surprising result!
2/ Conditions as above (1) but allowing blog to be registered
Start to receive spam signups – not many but only observed over a 6 hour period.
These do not match to any banned emails domains entered by me, so on the surface looks as though banned domains working BUT this is far from conclusive as they may simply not have attempted to.
3/ Activate BP 1.2.3 allow accounts and blogs to be registered.
Spam increases – not hugely though! of the 6- 8 received in a 12 hour period one is noted as having an email domain that matches to one entered in the banned domains list.
None of the above is that conclusive or useful sadly, it’s a difficult subject to run tests on. It does appear that BP probably does have some problem with the banned domain list, but then I get the impression that with each version 1.2.2.1 / 1.2.3 spam issues feel as though they are lessening but others may not be experiencing that.
I have the latest versions of WPMU and BP, but I have tonnes of spam.
It’s a pity, there are not any antispam plugins for BP which work on the registration page.
One problem I noticed
On the invite email that gets sent out this is the link, http://yourbpsite.com/register/accept-invitation/test%40test.com
I’m now using a different register page to prevent spam. If I change $accept_link in invite-anyone/invite-anyone/by-email.php to reflect my register page, will it break the plugin?
