[dotancohen]

  > I know some actual users get blocked. But the amount of spam we get without it, the amount of bot traffic simply overwhelming the server... It is just too much.

So why not just shut down the website? Or remove the form entirely? That will ensure that you get no spam, right?

One of the core tenets of system design is Availability. If your service is not available - if your forms are blocking legitimate users - then why are you pretending to have a form submission feature at all? Just to frustrate users?

[coryrc]

> One of the core tenets of system design is Availability. If your service is not available

The service won't be available to anybody because of overwhelming unwanted traffic. Now it's available for most potential users. You're speaking econ 101 when everyone else has played out iterated prisoner's dilemmas.

[CrimsonRain]

It is available to 99.9% of target demographic.

If you are getting blocked by CloudFlare, you are most likely not our demographic.

And there's always email address given in form submission, so a couple of users (like less than 5), emailed about the block and I added rules for each of them.

Better than taking down the whole thing because of bots scraping the site 5x more rate than humans.

[epistasis]

> So why not just shut down the website? Or remove the form entirely? That will ensure that you get no spam, right?

Turns out that people have a tolerance for a non-zero amount of work, but still have a limit.

Suggesting "turn off your website" is does not account for the desire to also provide some access.

Treat people who host content as humans, just as we must treat users as humans. There are tradeoffs, suggesting "shut down your website unless you provide access everywhere" is worse on all fronts for everyone.

[Dylan16807]

> There are tradeoffs, suggesting "shut down your website unless you provide access everywhere" is worse on all fronts for everyone.

Maybe, maybe not.

If block-heavy websites shut down entirely, we lose some content, but other content moves to block-minimal sites and the average user might be able to access more.

Also if there's no blocking crutch, and people get pushed into shutdown and are mad about it, they might fight harder for anti-spam technology and legal enforcement, which could improve the situation.

[BenjiWiebe]

Well I administer an ecommerce site, and for the checkout page I block everything besides Canada and USA.

Because those are the only two countries that we've ever in the life of our business, had a legitimate order from.

It prevents the majority of credit card testing, but it is tempting to apply it to the whole site to reduce traffic and server load.

[dotancohen]

Is be seriously pissed off if I invested the time to build a shopping cart and got to the order screen just to be turned away. I hope that you have a clear message somewhere that you do not ship outside the US and Canada.

[BenjiWiebe]

Yes it only allows US as the shipping address, and only US/Canada as billing address. The only reason we even allow Canada billing is because some of my relatives (Canadian) will order it and have it shipped to a parcel service on the US side of the border.