Mitigating Spam Registrations Using Plus Addressing and Offending Email Domains in Khoros Community Classic

Overview

In Khoros Community Classic, spam/abuse can appear as repeated fraudulent registrations and spam posts created using email “plus addressing” (aliasing/subaddressing) such as <user>+<tag>@<domain>, and/or from a specific offending email domain. There is typically no platform error message—this is identified by the pattern of unwanted registrations and posts.

Because plus addressing is a legitimate email-provider feature, the recommended approach is to block the offending domain using a wildcard ban (for example, *@<blocked_domain>) and clean up existing abusive accounts/posts. If required by policy, additional restrictions can be added via a Content Filter using a regex that matches + in email addresses.

Solution

Issue

Spam/abuse: repeated registrations and spam posts created with email aliasing (plus addressing) and/or a known offending email domain (for example, accounts using <user>+<tag>@<blocked_domain>), sometimes paired with misleading usernames (for example, “admin”-like names).

Important note about “+” in email addresses

Plus addressing (email aliasing/subaddressing) is a legitimate feature supported by major email providers. Blocking it globally can block real users, so apply any “+” restrictions carefully.

1) Block the offending email domain (wildcard ban)

  1. In Khoros Community Classic, open Community Admin.
  2. Go to Mod Tools.
  3. Open User Bans.
  4. Create a new ban with these settings:
    • Username: * (wildcard)
    • Email: *@<blocked_domain>
    • User ID: 0
    • IP Address: leave blank (unless you also want to ban by IP)

This prevents new registrations and activity associated with @<blocked_domain>.

2) Remediate accounts that already exist

For accounts already registered:

  1. Ban each abusive account individually.
  2. Delete their spam posts/content.

3) (Optional) Restrict “+” email patterns via Content Filters (regex)

If you still need to block email addresses containing +, add a Content Filter using a regex pattern.

Example regex pattern (use as a starting point and adjust for your policy and environment):

r:\b([A-Z0-9._%-]+\+[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4})\b

Validation / How to confirm it’s working

  • Attempt to register (or validate via internal testing) with an address from @<blocked_domain> and confirm registration/activity is blocked.
  • Confirm the previously created abusive users are banned and their spam posts are removed.
  • Monitor new registrations/posts to verify the abuse pattern stops (or is significantly reduced).
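
The following is an added example, not part of the original article or of Khoros tooling: an offline triage of an exported list of registration emails that finds addresses on a blocked domain, clusters plus-addressed aliases by their base mailbox, and shows which addresses the regex above would match. The names `triage`, `base_mailbox`, `alias_threshold` and the sample data are hypothetical, and Python's `re` with case-insensitive matching stands in for the platform's own regex engine.

```python
import re
from collections import defaultdict

# Pattern from the article without its leading "r:".
# Assumption: matched case-insensitively; the platform's own matching may differ.
PLUS_RE = re.compile(
    r"\b([A-Z0-9._%-]+\+[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4})\b",
    re.IGNORECASE,
)

# Constructed sample of registration emails (reserved example domains only).
SAMPLE = [
    "promo+01@mailer.example.net",
    "promo+02@mailer.example.net",
    "promo+03@mailer.example.net",
    "admin.help@mailer.example.net",
    "alice+forum@example.org",        # legitimate plus-addressing user
    "bob@example.com",
    "carol+news@example.technology",  # TLD longer than four letters
]

def base_mailbox(email):
    """Collapse user+tag@domain to user@domain, lowercased."""
    local, _, domain = email.strip().lower().rpartition("@")
    return f"{local.split('+', 1)[0]}@{domain}"

def triage(emails, blocked_domains, alias_threshold=3):
    """Return (domain_hits, alias_clusters, regex_hits) for a registration list."""
    blocked = {d.lower() for d in blocked_domains}
    # Addresses a *@<blocked_domain> ban would cover.
    domain_hits = [e for e in emails if e.lower().rpartition("@")[2] in blocked]
    # Group plus-addressed registrations by the mailbox they deliver to.
    clusters = defaultdict(list)
    for e in emails:
        if "+" in e.rpartition("@")[0]:
            clusters[base_mailbox(e)].append(e)
    alias_clusters = {k: v for k, v in clusters.items() if len(v) >= alias_threshold}
    # Addresses the article's plus-addressing pattern would match.
    regex_hits = [e for e in emails if PLUS_RE.search(e)]
    return domain_hits, alias_clusters, regex_hits

if __name__ == "__main__":
    domain_hits, alias_clusters, regex_hits = triage(SAMPLE, ["mailer.example.net"])
    print("blocked-domain registrations:", domain_hits)
    print("alias clusters:", alias_clusters)
    print("regex matches:", regex_hits)
```

On the sample, the pattern matches the legitimate `alice+forum@example.org` and does not match the address whose TLD is longer than four letters, which is the kind of result to review before enabling the filter.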

Frequently Asked Questions

1. How can this issue be identified if there’s no error message?
The symptom is behavioral rather than an application error: repeated spam registrations and posts, often using email aliasing (addresses containing “+”) and/or a common offending domain (for example, many accounts from @<blocked_domain>).
2. Will blocking *@<blocked_domain> remove or disable accounts that already registered?
No. A wildcard domain ban prevents further registrations/activity from that domain, but existing abusive accounts still need to be banned individually and their spam posts deleted.
3. Should “+” (plus addressing) be blocked globally?
Plus addressing is a legitimate email feature. If it must be restricted, use a carefully scoped Content Filter (regex) and validate it does not block legitimate users unintentionally.
4. What if spam continues after blocking the domain?
Add bans for any additional offending domains being used, ban the newly created abusive accounts, delete their spam posts, and consider adding a Content Filter to restrict specific email patterns (including “+” patterns) if that matches your moderation policy.
  1. Balaji Jayaraman
