openid used for spamming

Brad Fitzpatrick brad at
Wed Jul 6 09:01:47 PDT 2005

On Wed, 6 Jul 2005, Evan Martin wrote:

> Our little baby's all grown up!  Brings a tear to my eye:
> But in seriousness, I want to emphasize that this is *not* a flaw with OpenID.
> That LJ allowed anonymous comments, so they didn't need an OpenID to
> do the spamming.


And yeah, what Evan said:  all OpenID-authentication comments should be
assumed to be spam (same as anonymous) until judged otherwise.

I know of a couple companies/people working on web services that given an
OpenID URL (or blog URL, same thing often), give you the "trustiness" of
that user, based on a global map of friend edges, XFN, Blogrolls, OPML,
etc.  Once there are several of these in play, everybody can choose which
service they want to use to automatically promote OpenID auths from
"likely spammer" to "likely okay".  LiveJournal will likely be one of
these providers.  Hopefully we can all agree on a common API (like the DNS
RBL people have) so you can just list who you want to use.

- Brad

More information about the yadis mailing list