How difficult would it be to implement a user/ip watchlist (or add such functionality to the current watchlist feature)? It seems that it would be useful to many sysops to be able to add "micheal" to their watchlist, or his IP, or even an IP block (I mean a range of IPs here, like an IP with netmask) that would indicate a person using his ISP (or him with a new IP).
Something like this could track an IP block in real time before an edit is attempted, giving sysops a chance to block an IP before he tries to edit. Though this doesn't seem too useful, it could give a vandal the impression that our system is automatically tracking them down, even when they delete their cookies, change their login, and change IPs. It might cause them to give up.
Also, it might be helpful to "hold" (for a few minutes) edits made by an IP range with a message like "your edit has been held temporarily due to our super-intelligent vandalism filter. If the edit is legitimate, you can rest assure that it will be processed in a few minutes. If your edit is vandalism, you should head for the hills, we know who you are." This way, sysops could revert the vandalism before the vandal gets the satisfaction of seeing it go live.
wikitech-l@lists.wikimedia.org