[j45]

That would be a nice blog post to read - not because it's proprietary, but dealing with spam traffic is so common.

Sometimes rate limiting individual sessions, and IPs, and combinations of them, and even using fingerprinting on suspected sessions of certain kinds.. to discover in some cases that a lot of small walls can sometimes cause some automated bots to move on.

[andershaig]

Absolutely. I was surprised both in the scale of spam attempts in certain scenarios and how quickly it died with different mitigation measures. It's a challenging thing to blog about because some of the heuristics can be fixed. To be super vague, when you have a certain amount of data about a user if metadata A should be correlated to metadata B and it isn't, that bumps the score. It's not enough on it's own if there are legitimate reasons it doesn't have to be correlated.

I'm always happy to chat through some of the details individually.