Blog Spam, Part 2


Three months ago, I ranted in this blog entry about blog comment spam. Well, it appears that the arms race of allowing anonymous blog comments (which I deem highly important) has been steadily escalating, and the latest crop of blog comment spam is pretty clever, to the point that I think that anonymous blog comments cannot be allowed to be made unfettered and freely.


For example, the latest algorithms:



  • One takes snippets of existing blog comments from the same blog entry, injects its URL into the username field, and reposts that as a blog comment

  • One takes snippets of text from novels, emails, etc. from other sources, injects its URL into the comment text and/or username field, and reposts that as a blog comment

  • One uses short congratulatory phrases like “good to know”, “I like your site a lot”, “keep up the good work”, etc., injects its URL into the username field, and reposts that as a blog comment

The only common thing amongst all of them is that the spam URL is in the username field, but unfortunately, that is also used for Trackback and by legitimate users linking to your blog… so disallowing those links diminishes the linkage of the blogosphere.
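A moderation heuristic for the first and third patterns in the list above, as an added example that is not part of the original post: it flags a comment only when a username link coincides with copied or stock text, so a link alone is never a reason. The function name, the thresholds and the sample thread are assumptions; the second pattern needs an outside text corpus and is not covered.

```python
import re

# Constructed list, seeded with the three phrases quoted in the post.
STOCK_PHRASES = {"good to know", "i like your site a lot", "keep up the good work"}

# Constructed sample thread: bodies of comments already on the same entry.
THREAD = [
    "I moved our forum to moderated sign-ups last year and the robot "
    "accounts dropped off within a week.",
    "A shared blocklist worked well for my mail server, so I would try "
    "the same thing for comments.",
]

def words(text):
    """Lowercase word tokens, punctuation dropped."""
    return re.findall(r"[a-z0-9']+", text.lower())

def shingles(tokens, n):
    """All runs of n consecutive tokens."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}

def moderation_reasons(author_url, body, thread_bodies, n=5, copied=0.8):
    """Return the reasons to hold a comment for review (empty list = none).

    Comments without a username link are never flagged here, and a link
    by itself is not a reason: trackbacks and real commenters use it too.
    """
    tokens = words(body)
    if not author_url or not tokens:
        return []
    reasons = []
    # Third pattern: the whole body is one short congratulatory phrase.
    if " ".join(tokens) in STOCK_PHRASES:
        reasons.append("stock-phrase")
    # First pattern: almost every n-word run of the body already appears
    # in the thread. Bodies shorter than n words are skipped so that a
    # short honest reply is not matched on common words.
    if len(tokens) >= n:
        mine = shingles(tokens, n)
        seen = set()
        for other in thread_bodies:
            seen |= shingles(words(other), n)
        if len(mine & seen) / len(mine) >= copied:
            reasons.append("copied-from-thread")
    return reasons
```

A reply that quotes part of an earlier comment and adds its own text stays under the threshold, because the copied runs are only a small share of its body.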


Now, some have proposed requiring HIP-CAPTCHA and other Turing Tests for Humans before allowing comments to be made… and while I resisted such user restraint earlier because I value my user liberties, a little validation every once in a while can’t hurt… or can it?


Anonymous Spam is the very abuse of personal privacy, but chipping away at one’s civil liberties in the name of security is just as dangerous and a slippery slope towards tyranny. Is there a better choice? Perhaps we can attack/remove the economic incentive to spam, or make spamming prohibitively expensive.


//David

Comments (7)

  1. davidacoder says:

    Once Infocards (or Windows Cardspace) is ready, you could use that. Just require a claim like "this is a user and he has demonstrated to be one by using our mega captcha system once last month" from any identity provider. You could accept such a claim from any identity provider (like Windows ID and others). You would not need to collect any personal data, no user id, no nothing. All you would do is ask your users to provide you a ticket/claim from any of the big identity providers that proves that they are real. At least that is how I understand the system 😉

  2. BlakeHandler says:

    Hey at least your MSDN Blog doesn’t support trackbacks! On MSN Spaces, not only do we get SPAM Comments — we also get SPAM trackbacks! (Shall we call them "porkbacks"?)

  3. Jeff Parker says:

    You hit the nail on the head there. I am so sick and tired of robots and comment spam even on forums anymore. You have to watch user names; some just put the links in their profiles. It is really getting to be a serious pain in the rear. While my email spam has dropped dramatically over the last couple years, comment spam on blogs, forums, etc. has grown to an almost out of control proportion. One of the things I started doing just for fun to see if it works is I go to those sites, since usually they want you to buy something. I then send them a bill for advertising. None of them have paid though, but you know I would love to see the looks on their faces when they see the bill and wonder what the heck it is all about. Now if I only had my own collections department that could hound them until they paid.

  4. Maurits says:

    There’s an online blocklist of spamvertised URLs:

    http://www.surbl.org/

    It’s been very effective for me (and others) in email.  I don’t see why it wouldn’t work just as well for blog spam.

    TinyURL.com uses it, among others.

  5. David.Wang says:

    Sorry, I am in a political sort of mood right now… so does anyone see that fighting against spam is like fighting against terrorism? What now? How does one reduce/eliminate spam? Come on, think! 🙂

    davidacoder suggests an internationally federated identification system for proof of citizenship/eligibility.

    Maurits suggests an international blacklist be established and for people to check against it.

    Jeff suggests pretending to be a terrorist recruit and bail out at the last minute.

    Another friend suggests clicking through and pretending to be interested in the spam, just to waste their time.

    //David

  6. Maurits says:

    Spam would be over in a month if people just quit buying the spamvertised products.  I don’t know how that translates to the terrorism analogy.

  7. David.Wang says:

    Maurits – your analogy would be if people just got a clue and stopped joining Terrorism cells.

    But nah, that would be too easy, wouldn’t it? 😉

    //David