Skip navigation

Can We Work Together To Stop Comment Spam?

In iwaruna.com’s “Comment Policy Review”, the author explores the struggle most bloggers have in dealing with the issue of battling comment spam on their blogs.

I started out hyper-paranoid and became a “Fort Knox of websites,” as a friend put it: I required registration. I required login. I monitored and moderated every comment. I turned on CAPTCHA. All posts had comments and pings turned off by default. I installed a bunch of WordPress plugins: Akismet, Spam Karma, Bad Behavior, Anti-Leech, etc. It drove me (and my testers) crazy.

It took some amount of testing and learning before I found a suitable combination of anti-spam tools and rules. Communication should be neither overwhelming to me, nor confusing to readers who wish to share something. Developing a sensible comment policy did not occur right away.

I’ve written extensively about the issue of blog comment spam, but I’d also like to address an issue that has not been made really clear.

You cannot stop comment spam on your blog.

Comment spam can only be stopped when comment spammers are stopped. The efforts you make on your blog only stop comment spam from reaching the public eye.

There is no tool currently available that literally stops comment spam on your blog. There are several tools that stop comment spam from appearing on your blog. Akismet, Spam Karma, and Bad Behavior are the gatekeepers, preventing what comment spam they can from getting through the door and then holding back the evil that does get through.

Before these comment spam fighting tools were around, bloggers spent a lot of time sifting through comments, removing comments stuffed with stupid phrases, nasty links, sex, drugs, mortgages, online music, casino crap, and tons of other crap. Now, bloggers sift through fewer comment spams within their comment’s listing, and spend time sifting through caught comment spam looking for false/positives.

Trust me, it’s less work, but none of our efforts actually stop comment spam. So don’t think that by using any of these tools your comment spam levels will drop. They will still be there, but it’s harder and harder for the comment spammers to get through to your real comments list.

Stop Comment SpamI’ve put out a call repeatedly to bloggers to use the power of their blogging voices to put an end to the rewards of being a comment spammer. We need to put comment spammers out of business. Anyone listening?

As a united voice, I believe that the same creativity and sense of community spirit that built MyBlogLogs, MySpace, FaceBook, and Digg can put their energy into stopping the virus that infects all of us. Comment spam crosses country borders and language borders. Every blogger is assaulted by comment spam. Let’s find a way to work together with some great ideas to stop comment spamming at its root.

Imagine a web where bandwidth is wide open, flowing with only creative energy and news, not trillions of comment spams about gambling, viagra, and sex. Imagine putting all your energy into writing your blog, recording your podcasts, and filming your videos, and not spent crawling through lists of humiliation and obscenities.

Any suggestions on how to implement a web-wide attack against comment spammers? You’re creative folks. How about some ideas?

Related Articles


Site Search Tags: , , ,
Copyright Lorelle VanFossen, member of the 9Rules Network
Feed on Lorelle on WordPress Subscribe Feedburner iconVia Feedburner Subscribe by Email

Member of the 9Rules Blogging Network

19 Comments

  1. Posted April 17, 2007 at 4:45 am | Permalink

    I have no idea how to stop the spammers doing it in the first place and I’m not sure they can be stopped. After all, how many blogs are using tools like Akismet and still being spammed mercilessly. Even where there is no benefit the spamming goes on.

    Much like e-mail I suspect the end result will be some form of authentication, i.e. like OpenId implemented on all the blogs.

  2. Posted April 17, 2007 at 5:45 am | Permalink

    Have you ever picked up junk mail in your (real) mailbox, kept the leaflet because something caught your attention and eventually gone to that supermarket or called that pool cleaning service or donated to that charity organisation? Have you ever been influenced by TV commercials (when you think hard, commercials are just official spam, and TV is overloaded with it).
    We cannot stop comment spam if there are still people paying attention to spam in particular and junk mail or advertisement in general.
    I am not far from siding with the extremists who want advertisment banned, so that commercial information is an active action from the consumer-citizen: you go to the yellow pages if you want to find sex pills, great mortgage rates or yummy burgers, and you enjoy comment silence and TV peace the rest of the time.

  3. Posted April 17, 2007 at 5:54 am | Permalink

    I agree — some form of authentication seems to make the most sense. I know that many of the spammers I see on my blogs are not humans actually typing something in — it’s being done by computers. When blogs have a technique that requires a real person to do something before they can post, like type in a copy of a series of letters and numbers, that can stop the computerized spammer. The problem is, the computerized spammer doesn’t know they’ve been stopped.

    One thing that occurs to me is some way of communicating back to the spammer that his efforts have failed — whether they be human spammers or the computerized variety.

    I’m also looking for solutions. I know that Spam Karma has worked to make my job easier, but the same creepy attempts are being made by the same creepy spammers day after day.

  4. Posted April 17, 2007 at 7:42 am | Permalink

    On the blog that I run, I am continually over run with spam comments that I check for
    every once in a while. What’s funny, and a bit disturbing, is that while it may look effective to send out 1MM spamments (is that a word?)…it’s probably better for the spammers to just do it manually as it will be more effective for them and whatever they are selling. Waste of time and of money. Wow..

  5. Posted April 17, 2007 at 9:13 am | Permalink

    On my personal site I uninstalled and reinstalled wordpress and installed the OLD DB so far it took me off the spam radars.

  6. Posted April 17, 2007 at 9:21 am | Permalink

    Mandarine: In the US, it’s illegal to send unsolicited advertising via electronic methods such as fax. There have been attempts to include electronic methods for email and I believe comment spam is inclusive.

    The issue of the law, which is a bit complex, came because the cost of the advertising was a burden on the recipient. Mail costs is a burden on the sender (and income for the post office ;-) ). We pay for bandwidth, one way or another.

    If blogs can’t make their life miserable, and search engines can’t really make their life miserable, then what will influence them to stop spamming?

  7. Posted April 17, 2007 at 9:51 am | Permalink

    I know it would be stooping to their level, but sometimes I want to turn around and spam the crap right out of them…gather up all my internet marketing buddies and smack them with a taste of their own medicine. Right back at ya! I know realistically that would never work though.

  8. Posted April 17, 2007 at 10:46 am | Permalink

    Well, that’s the multi-million dollar question, isn’t it?

    I suspect that once you have the perfect solution to the comment-spam problem you will also have solved the email-spam problem, since in principle, they are quite similar.

    The heart of the issue is that

    a) there is some monetary gain for the spammer
    b) there is no cost to spamming (your blog)
    c) it is relatively easy for them to (comment) spam

    If you were to hit any one of these three things, you could significantly alter the amount of spam anything gets.

    Of course, the key is the “how”, and I’m not so smart as to know that at the moment.

    But that’s my contribution for the day anyway . ;)

    t @ tbh/dji

  9. Posted April 17, 2007 at 10:49 am | Permalink

    I should add, sorry, that it is probably not enough to hit just one of these factors, as clearly an arms race is building over ‘c)’ — by building in captchas and the like, the idea is to (obviously) increase the difficulty *to* spam … but as we’ve all experiened, its an arms race where we try one thing, and spammers solve it with something else.

    Or, it comes at a cost to inconveniencing our readers.

    Again … just wanted to toss that thought tidbit out there for y’all to chew on.

    t @ tbh/dji

  10. Posted April 17, 2007 at 11:28 am | Permalink

    Here’s the thing about comment spam: It’s not comments!

    Okay, yeah, so a lot of it still is, but most of it has transmuted into “trackback spam” or what have you. And this shows off a fundamental problem with the notion of distinguishing between people and non-people. We really don’t want to do that.

    A ridiculous amount of effort has gone into making blogs capable of interlinking to each other semi-automatically. Trackbacks and pingbacks are two ways that blogs can tell one another that they are linking to each other. And with every blog online nowadays having some form of feeds displayed in the sidebar, it’s pretty clear that we don’t want to stop automated systems from touching our sites. We just want *spam* to stop touching our sites.

    This is why captchas and ideas like doing simple math tricks and such don’t work. You’re locking the front door while the back door is not just wide open, but actually pulled off the hinges and laying on the grass.

    When you consider how to block spam, remember that you’re not trying to distinguish humans from non-humans. Other people’s blogs are non-human as well, and you probably want those to talk to you, since they come from humans, just indirectly.

    You’re just trying to block *spam*. That’s all.

    Now, Bad Behavior is excellent at stopping automated spamming systems. It’s not perfect, but it’s not supposed to be. 85% is better than 0%.

    Akismet is incredible at recognizing spam. Thanks to the power of the masses, a central location can recognize and block spammers on a fairly quick basis. Anybody using an automated program to spam can be recognized even when they spam dozens of different sites rapidly. Akismet knows their IPs, because blogs pass that information along too.

    Spam Karma is not centralized, but still extremely powerful, with plenty of different tools and methods to recognize spam.

    These three tools are proven and effective. Use them. They just work.

  11. Posted April 17, 2007 at 11:34 am | Permalink

    Oh, I missed one other thing:

    Imagine a web where bandwidth is wide open, flowing with only creative energy and news, not trillions of comment spams about gambling, viagra, and sex. Imagine putting all your energy into writing your blog, recording your podcasts, and filming your videos, and not spent crawling through lists of humiliation and obscenities.

    The only way to stop the spam from being sent in the first place is to make it non-profitable.

    Consider what might happen if all those gambling, viagra, and sex sites that appeared in your spams were indexed, and every web browser would stop allowing people to go to those sites, or at least warn them that they were supporting spammers by doing so…

    If only we had a central repository capable of getting thousands of spams and keeping some kind of up to date list. Like, say, Akismet’s servers?

    If Akismet could keep a record of links posted, and make this easily searchable or recognizable (like a DNS RBL sort of thing), and then if Firefox/Google/whatever could check these RBL lists during surfing, then that might be a pretty good deterrent, eh?

  12. Posted April 17, 2007 at 12:10 pm | Permalink

    Unfortunately, one of the largest growing companies in the world is the one that profits most from comment spam. Google.
    Yesterday’s comment spam on my blog (it is down drastically the last week from a month ago) was long tail automotive keywords. The only use for something like this is to promote a made-for-Adsense spam site.
    Sure, once in a while some poor blogger loses their account so we all think Google is out there hunting down spam sites, but the really bad ones are still there. The only legible content on them are the ads.

  13. Posted April 21, 2007 at 5:39 pm | Permalink

    Thank you for raising this question, Lorelle.

    One step would be to point out that spamming blogs does not help pagerank, since virtually all blog software now uses nofollow. I guess there’s enough out-of-date software (e.g. WP v1) that it’s worth it.

    CAPTCHAS seem to be a good solution, as do systems that email the commenter asking them to confirm by clicking a link.

    It is an intractable problem, though, because the sites are always changing, and you can’t figure out who is actually profiting. Google definitely is, and they need to do more to fight comment spam. They also need to be more vocal about it, to let people know that spamming WP and other modern blog tools is not effective. Plenty of spam is sent on the assumption that it will help, even if it won’t. Why? Because spammers sell their services.

    The real problem is not that there are no effective solutions; it’s that so many people don’t use them, so spamming remains profitable.

    Akismet has been letting more through lately, particularly long-tail keywords. I will probably add a captcha plugin if it gets worse.

  14. Posted May 4, 2007 at 7:07 am | Permalink

    I’ve been thinking about this a little. As others have pointed out, spammers are somehow making money with the sending of spam. So we need to make is costly for them to do so. But that’s not my idea. I’m wondering if there is someway to set up your blog to give spammers (via either ip or email address) a 404 header when they try to access your blog? Not a 403. A 403 just tells them that they are banned and they will just try another ip or email address. However, if a 404 header is sent telling them that the blog does not exist (when actually it does). I’m thinking that if they get a 404 a couple of times then they would actually remove the blog address from their program or whatever because it is not profitable to even try to post cause the blog is not “there”.

    I started thinking of this because I was wondering if there was a way to do it with email. Most of these spams have a link that they say will take your email out of their database but when you click the link and sign up really all you are doing it signing up for more spam. If there was someway to mimic an email bouncing as though the address did not exist then again, maybe they will take the address out of their database because the opportunity for profit is not there.

    Hopefully this makes sense enough for someone to take it and run with it.

  15. Posted May 25, 2007 at 7:04 am | Permalink

    First, I’d like to point out to James that Google has started to fight the MFA sites – a huge number are being kicked out at the end of May, which I think will herald a new effort by Google to eliminate the spam/MFA sites eventually. I don’t think Google’s on the side of evil here; they can make more money through legit means, at least in the long run, and I think they’re thinking about the long run. They’ve seen Yahoo’s constant, furious cash-cow-milking and they’ve surely noticed how Google is now more successful than ad-laden, ethics-free Yahoo.

    Google does however move incredibly slowly as an organization, or so it seems from the outside. But I’ve also noticed that Froogle has disappeared from their named listings as that, too, has basically failed to keep out the mis-leaders and spammers.

    The best way to close down the spammers is to really close them down. I really liked the suggestion of shutting down web sites guilty of spam via browser, though I can easily see this being abused – that is, all I have to do to close down a competitor or get revenge on an enemy is to spam-promote their URL! Imagine what the Vietnam Veterans for Truth folk and their ilk would do with that. You’d see more spam for moveon.org than you’d have believed, and none of it would be from them… and I’m sure there’d be all sorts of manipulations like that.

    More direct might be a group of dedicated revenge artists going after the clear, human-judged spammers and SHUTTING THEM DOWN one way or the other.

    But I think the real solution is to press for law enforcement to really get involved. That means pulling the FBI off their important jobs of investigating the Quakers and the Sierra Club, and putting them onto fighting organized crime again. Working with Interpol and other police organizations, they could make it very unprofitable for spammers anywhere in the civilized world. I suspect they could even go into Russia, China, and Nigeria (not to imply that these countries are uncivilized) and root out the worst spammers there. However, there needs to be a political will to do this, and unfortunately right now most people are not considering spam and organized crime as political issues. (Indeed, when it was revealed in Congressional hearings that Reagan’s people had used the Mafia as friends and allies, there was absolutely no political fallout.) Instead, we have issues like abortion, gay marriage, profiteering, and war shaping political fights.

    I guess my conclusion after all this is that spam is a political struggle as much as a social and IT struggle. Going after the spammers in some clever, shut-them-down way might work; it seems to have worked in the past for e-mail spam on a limited basis.

    For that matter, rooting out Windows could even be helpful, since the great majority of spam is, or so I’m told, coming from compromised Windows computers. But then we’ll need better security in Linux and OS X (both of which are apparently already far more secure than Windows, but do have vulnerabilities).

  16. Yvonne Nicholson
    Posted September 6, 2007 at 12:30 pm | Permalink

    Thank you for raising this question, Lorelle.

    However, there already are Digg and Myspace spammers and the software they uses is more and more flexible to spam any social network.

  17. Posted September 28, 2007 at 6:56 pm | Permalink

    One way might be to block certain IP Adresses that are known to spam with a constantly updates WordPress Plug-in. But that power could possibly be abused and such for other reasons.

  18. Posted September 28, 2007 at 9:35 pm | Permalink

    Spammers change IP addresses more frequently than you change underwear. This is a known technique that doesn’t work. A multi-fold technique that covers IP addresses, email, word filters, and other magical mystery sauce ingredients are necessary to filter out comment spam. The comment spam fighting tools I’ve listed in the article do that, and more.

  19. Posted September 29, 2007 at 9:14 am | Permalink

    Oh, ok thanks for letting me know.


12 Trackbacks/Pingbacks

  1. Fixing Akismet Comment False Positives

    Robert Scoble posted today about Akismet and the spam filtering features that save him time. But there are times those misclassified posts can cause escalation of a discussion into something more accusatory like deleting comments – that is not fun. F…

  2. [...] why I’m siding with Lorelle: You cannot stop comment spam on your blog…Comment spam can only be stopped when comment [...]

  3. [...] Lorelle from WordPress.com [...]

  4. [...] Can We Work Together To Stop Comment Spam? [...]

  5. [...] against blogging spam is to use an anti-spam plug in like Akismet, Spam Karma, or Bad Behavior plus vigilance on your own [...]

  6. [...] I’m finding that Akismet does the job alone extremely well on my WordPress.com blog. By working together I believe we can protect each other from comment spam, but we also need to do [...]

  7. [...] Can We Work Together To Stop Comment Spam? [...]

  8. […] Can We Work Together To Stop Comment Spam? […]

  9. […] Can We Work Together To Stop Comment Spam? […]

  10. […] Can We Work Together To Stop Comment Spam ? […]

  11. […] Can We Work Together To Stop Comment Spam? […]

  12. […] Can We Work Together To Stop Comment Spam? […]

Post a Comment

Follow

Get every new post delivered to your Inbox.

Join 20,684 other followers

%d bloggers like this: