Freigeben über


Blog Spam, Part 2

Three months ago, I ranted in this blog entry about blog comment spam. Well, it appears that the arms race of allowing anonymous blog comments (which I deem highly important) has been steadily escalating, and the latest crop of blog comment spam are pretty clever to the point that I think that anonymous blog comments cannot be allowed to be made unfettered and freely.

For example, the latest algorithms:

  • One takes snippets of existing blog comments from the same blog entry, injects its URL into the username field, and repost that as blog comment
  • One takes snippets of text from novels, emails, etc from other sources, injects its URL into the comment text and/or username field, and reposts that as blog comment
  • One uses short congratulatory phrases like "good to know", "I like your site a lot", "keep up the good work", etc, injects its URL into the username field, and reposts that as blog comment

The only common thing amongst all of them is that the spam URL is in the username field, but unfortunately, that is also used for Trackback and by legitimate users linking to your blog... so disallowing those links diminish the linkage of the blogosphere.

Now, some have proposed requiring HIP-CAPTCHA and other Turing Tests for Humans before allowing comments to be made... and while I resisted such user restraint earlier because I value my user liberties, a little validation every once in a while can't hurt... or can it?

Anonymous Spam is the very abuse of personal privacy, but chipping away at one's civil liberties in the name of security is just as dangerous and slippery slop towards tyranny. Is there a better choice? Perhaps we can attack/remove the economic incentive to spam, or make it prohibitively expensive to spam than not.

//David

Comments

  • Anonymous
    June 14, 2006
    Once Infocards (or Windows Cardspace) is ready, you could use that. Just require a claim like "this is a user and he has demonstrated to be one by using our mega captcha system once last month" from any identity provider. You could accept such a claim from any identity provider (like Windows ID and others). You would not need to collect any personal data, no user id, no nothing. All you would do is ask your users to provide you a ticket/claim from any of the big identity providers that proves that they are real. At least that is how I understand the system ;)
  • Anonymous
    June 15, 2006
    Hey at least your MSDN Blog doesn't support trackbacks! On MSN Spaces, not only do we get SPAM Comments -- we also get SPAM trackbacks! (Shall we call them "porkbacks"?)
  • Anonymous
    June 15, 2006
    The comment has been removed
  • Anonymous
    June 15, 2006
    There's an online blocklist of spamvertised URLs:

    http://www.surbl.org/

    It's been very effective for me (and others) in email.  I don't see why it wouldn't work just as well for blog spam.

    TinyURL.com uses it, among others.
  • Anonymous
    June 15, 2006
    The comment has been removed
  • Anonymous
    June 16, 2006
    Spam would be over in a month if people just quit buying the spamvertised products.  I don't know how that translates to the terrorism analogy.
  • Anonymous
    June 16, 2006
    Maurits - your analogy would be if people just got a clue and stop joining Terrorism cells. But nah, that would be too easy, wouldn't it? ;-)

    //David