Craigslist implements phone verification to fight spam; spammers fight back (2008)


Craigslist — the online marketplace that pretty much still looks the way it looked when it went live all the way back in 1995 — has the same problems every online marketplace has: spammers and scammers.

Craigslist map

The battle against people seeking to abuse the system has been ongoing since the site’s inception, but in 2008, Craigslist implemented a new control measure that temporarily stymied spammers who had found several ways to beat the systems previously employed by the online market.

To mitigate spam and limit the effectiveness of scam operations, Craigslist began requiring a phone number for verification on certain postings. This posed a problem for spammers hoping to engage in mass distribution of their “offerings” since it was unlikely any spammer or scammer would want to have their personal phone tied to their illegitimate (if not actually illegal) operations. When an ad was submitted to Craigslist, the site’s automated verification process would call the ad poster to relay a one-time code that would permit the listing to be posted.

That wasn’t the end of this new weapon against spammers deployed by Craigslist. If successfully-posted ads were subsequently flagged by other users as spam/scams, the phone number associated with the ad placement would be blocked.

This led to a pitched battle between Craigslist and scammers/spammers who were interested in exploiting the market’s reach. A long discussion on a message board frequented by spammers suggested several workarounds to avoid the countermeasures implemented by Craigslist. (To give you some idea how far back this discussion goes, there are recommendations for utilizing pay phones.)

Some suggested using a method favored by drug dealers and other criminal conspirators: burner phones. This was an admittedly-expensive workaround for a business model that requires hundreds of views to attract a few paying victims.

Others suggest buying subscriptions to online spam enablers — ones that provided users with tons of disposable numbers without the expense of buying new phones every time a phone number was rendered unusable.

Many of these suggestions were rejected by forum members, which suggests spam is only profitable when costs hover near $0. Some members speculated Craigslist was eliminating even more options by rejecting any numbers linked to VoIP services — the cheapest option for aspiring scammers. No solution appeared to work for everyone, strongly suggesting the phone verification move by Craiglist at least temporarily put a dent in scammers’ efforts.

Decisions to be made by Craigslist:

  • Should reputation damage control (i.e., preventing being known as a host for scams/spam) be prioritized over customer growth (limiting entry barriers like phone verification requirements)?
  • Does Craigslist have the funding and/or personnel to add human moderators to the verification process?
  • Should users who are willing to verify their identities be given more credence when reporting ads that may lead to blacklisting of other users?

Questions and policy implications to consider:

  • Does requiring a phone eliminate users create a new barrier for entry that may push legitimate users to competing services?
  • Does blacklisting numbers linked to reported ads limit the spread of spam? Or can it help spammers willing to report other spam artists to solidify their control of the market? 


As is the case anywhere goods are sold online, there is no permanent resolution. What worked in 2008 is not nearly as effective a dozen years down the road. But the discussion in this forum shows it did have a severe impact on spam almost immediately, even if its effectiveness was blunted by the advance of time and tech.

Craigslist still uses phone verification for certain posts, limiting users to three verification calls a day to each account, which cannot be triggered more than once every five minutes. VoIP numbers are still forbidden to be used for verification calls, which unfortunately impacts some legitimate users with no other phone options.

Written by The Copia Institute, March 2021

Copia logo