Defense against spam bots


I am a relatively new developer and I am building a web mail client using the ESI API to teach myself. I concerned that bots might start using the application once it’s deployed and I’m not really sure where to start with preventing it.

This is it common for 3rd party eve applications to be used by bots? Does anyone have any suggestions as to what I can do to prevent it?

As an example I can think of a scenario where a bot would spam mail to random people using an alpha clone account. That would probably get my application blacklisted by ccp.

There is a limit of 5 mails per minute.

You could prob just keep an eye on the amount of mails sent by each person and if they exceed a given amount (whatever that would be depending on the context of your app) then raise a flag and investigate it.

Or (depending on how manual you want this to be, again given your context not sure if doable) but like have to approve each person that signs up to send mails. Say like a boolean column in the db where they cant send mails if that is false. Default it to false when they create an account and set it true once you verify they are not a bot etc.

There are options just depends on what your app will do and how automated you want to be. But really i wouldn’t worry too much about it, you could get more mails off faster and of a higher volume spamming mails in game.

I did not know about the 5 mails per minute. That is a relief. My app isn’t using a database so I would have to add other checks elsewhere if it’s needed. Thank you for your response!

No problem.

Will start to receive 422 status codes once you hit the limit. What i just do it catch the response, sleep 1 min then retry. Can take a while when i’m sending a good amount of mails but it works.

I will probably hardcore a timer and a counter that is visible to the user so they know the limit and also prevent sending messages should it go over.

You can also use recaptcha (or any other alternative) to protect a little more.