Today I continue my backlog-clearing series of link lists with ones about blogging and podcasting, including style, technicalities and legalities. If you blog or podcast and want to learn from others, I hope you’ll enjoy some of these:…

The funny thing about is that as annoying as it is (It’s been coming through often) I took it as a sign that my blog is finally arriving in some way. I mean if I caught the spammers attention maybe I’m doing something right.

I know, I know, doesn’t really mean a thing. I’m just looking for the positives..

Why should readers know the email address of commenters? It makes no sense. Associating a URL with a commenter’s name is fine; associating their email address is foolish.

Just out of curiosity, did you E-mail your regular reader to let them know that they were hijacked?

I know I would want to know if someone was posing as me.

Joe

1. Blacklist. Uses a global blacklist which you can add phrases, ip’s and domains to.

2. Comment Control. Anything older than 2 weeks or that contains a URL has to be validated first. You can set the time, but 2 weeks seems about right.

3. Silly Logic Question. Simply ask something like “how do you spell blue” or “what is 2 + 2″. This method is like CAPTCHA accept it’s also friendly to people with visual disabilities too.

I went from 15,000 spam messages a week across my network to just about zero (a couple slip through now and then).

A lot of my spam was originating from a handfull of IP addresses. I set the spam filter for those, and reported a couple of them to their ISP after tracking them down. I have got confirmation on one of them having their access terminated.

The address harvesting is a little creepy, but I have yet to experience that.

My spam measures usually look at context, links etc. – I don’t (unfortunately) even just let previously approved commenters through.

I do agree though, that it shouldn’t be possible to harvest the real email address.

But then again, Darren, you have Akismet right? It really pwns you good!

I have noticed this trend too and find it irritating to moderate my comments so much.

Looks like anti-spam plugin makers need to come up with some updates pretty soon.

The easiest way to stop comment spam is to require registration, and to mail the user’s password to them. If your blog/CMS platform allows the user to choose his own password, or doesn’t require them to take some action based on received e-mail, then it’s dead simple for the spammers to automate user account creation.

MediaWiki suffers from this problem, as it not only doesn’t require the user to verify his e-mail address, it lets the user supply their own initial password, which is why Wikipedia and other MediaWiki-based wikis have such a large problem with vandalism and automated wikispam. I’ve been working with the MediaWiki developers and other MediaWiki users on ways to curb this problem, which will be incorporated into Bad Behavior 2.

The down side to registration is it turns people off. Many people won’t bother to register, even if you leave the nice link prominently displayed and make it as easy as possible for them. So there go many comments you would otherwise have received.

The problem of automated spam is one I’ve been working on for over a year now. I have a very good solution in Bad Behavior, and Bad Behavior 2 (currently in development; try it out!) promises to be very close to perfect. I don’t attack the comment, I attack the delivery method. In fact, it’s the only anti-spam solution which doesn’t even look at the content of the comments/trackbacks at all. This has allowed me to deliver a solution which will block thousands of spams a day, and over 99.9% of them, with no false positives (unless I make a stupid typo or something).

Best of all, it’s free. :)

I can just hope now that the bot programers don’t figure out how to do a login with Drupal to put the spam back in their.