On Spamming

Okay, let me state this more clearly than I did here:

Comment spammers seek inbound links.

Individual links have little value.

Aggregated indivudal links have lots of value—presumably, lots of links for the same word are pointing at a source for a reason. [So goes the thumbnail sketch of Web search thinking.]

Any system that seeks to foil comment spamming must seek to make it difficult to aggregate individual links.

What does this exclude?

  1. Open, anonymous commenting. The days of open Weblog commenting are probably nearing their end. If you don’t police who comments on your Weblog, you’ll end up with a very low signal-to-noise ratio, because you will be an easy target.
  2. Centralized comment authentication. All you have to do is hire a bunch of people to act as honest brokers, and then have them turn tail and become spambots. It’s easy money for the commentors, and since spammers don’t do this for joy but to improve sales, this is their equivalent of advertising.
  3. Crapfloodable systems. If your system can be overwhelmed by a crapflood of comments, you’re not only hosed from a server-resource-usage perspective, but you’ll also be helping the spammers aggregate. [Yes, some crapflooding is done as an annoyance. Not all of it is, though.

All spamming is easy because there’s a very, very low barrier to entry. Email spam is simple because SMTP doesn’t really require authentication that you are who you say you are. How do you defeat email spam? Software solutions that filter your mail based on algorithms or on whitelists. Not the greatest—you will lose some emails, always—but on the whole, not bad.

Where is email spam defeated? Client-side.

That’s probably the same place that you’ll defeat comment spamming on Weblogs—client-side. [Stay with me here.] Consider that each Weblog is a client [regardless of the fact that it resides on a server]. If I implement a comment spam-stopping solution here—and I have, in requiring that I must approve all comments before they appear—I have made a solution for my Weblog client software. I have made a local—not global—change.

A centralized system can do this—requiring Weblog owners to approve folks based on behavior—but unless you’re approving them on a per-comment basis, you still leave yourself open to the paid Trojan spambots.

Of course, you can trust certain people. Rick King is never going to spam my Weblog comments. [If he did, I would drive over to his house, let myself in, and do something really dastardly. Some ideas come to mind, but his wife reads this site, and she might hurt me. Jess is small, but she’s wiry!] If I had a user-registration system, I think I’d grant Rick permission to make comments anytime he wanted.

Other commentors would not get this treatment. There are always a few folks who comment on this site more than a few times because they find it via Google. Sometimes, these folks end up becoming net-friends [say hi, Ruminator David! :D]. I would probably grant David full posting privileges … but only now. Would I do that in the first, oh, month I had comments from him? Probably not.

It’s about trust. This is where the little voice in the back of my head that approximates what I’d imagine that Mark Pilgrim sounds like screams, “FOAF!” Yes, Friend Of A Friend is, in a way, what I am describing. The Wondergeeks community would probably all grant each other full-privileges. There is significant overlap in who reads our sites, but it’s certainly not a closed group. Would Rick trust, say, Mark Traphagen to post comments without censure on his Weblog? Perhaps. Rick’s a trusting soul. But there’s no guarantee.

But again, I want to drive home this point: a monolithic answer to this is inappropriate. With a monolithic approach, people [being lazy] will just say, “Any approved Centralized Commenting System User with a No-Spam Score above 0 can post whatever they like on my site.” That’s easy to Trojan horse, as noted. You have not raised the barrier to entry one whit.

If you want to stop spam, you have to do it yourself. No one is going to do it for you—not for free, anyway, and even then, probably not well.

3 thoughts on “On Spamming”

  1. “Would Rick trust, say, Mark Traphagen to post comments without censure on his Weblog?”

    My wife doesn’t trust me to make comments on what she’s wearing, so why should Rick grant me full privileges. 😉

    And for some reason it just made my day to become an illustration on Geof’s little Geek site.

Comments are closed.