[Datagenerator]

Rate limit each unique source IP address would suffice?

[GabeK0]

This is already done! But then the spammers would just slow their spam bots down under or near the rate limit, and it would get very annoying seeing random max length messages appear over and over again every few seconds. You could make the rate limit even more restrictive, but then you ruin the experience for normal users. It's a tough problem

[Jarwain]

Do some comment uniqueness detection grouped by the source IP? If the same IP sends a bunch of messages that are Too Similar, blacklist them

[Jarwain]

After actually trying the site, this feels more tricky than useful

[angrais]

Have you experienced spammers or your website or is this preemptive?

Also, couldn't you generate a random six digit number and ask a user to write it as a workaround for using Google? Or use a self-hosted service?

[GabeK0]

Oh goodness have I experienced spammers.

The first version that I made ~6 months ago had basically zero protection against spammers/trolls/etc, and it's been a non-stop arms race since then. I could rant for long hours about the numerous types of attacks and what I've had to do to prevent them.

I like the random code idea. But you'd have to ask more than once, otherwise spammers could go through the code once and then turn on their script. So it again becomes a tradeoff of how much to worsen the experience for normal users

[jamescampbell]

This gives me an idea of building a type of web application firewall that would be used for chat related sites like this that would automatically block bots/spammers/trolls.