Anyone that has a website, blog or participates on social media sites has seen or been the recipient of comment and referrer spam. Most of the time it is a pure commercial post or random gibberish with strange URL addresses in a blog comment.

There are two types of spammers associated with type of objectionable material. The first is the small-time spammer that does his objectionable work manually, one item at a time. The second is the automated software spammer that has driven many a website owner mad.

Most of the time the small time spammer can be dealt with easily after all there is only one user, IP address, one or two URL’s, or an email address to block. Once blocked (or warned) they will move on to softer targets.

The automated comment and referral spammers are much harder to deal with as often multiple IP addresses and URL’s are used and it is akin to playing whack-a-mole as they are coming from so many different addresses. With most blog applications, you have several options to keep the spammy comments from appearing on your site. Methods include moderation of comments, using Akismet and Captcha.

The problem with Captcha is most of the methods employed are easily broken and thus comments are again abused by devious (spammers) individuals. No matter how sophisticated the Captcha implementation is the spammers avoid it through various techniques, including the hiring of individuals to break the implementation.

Even with moderation enabled on comments, website owners must wade through and weed out the good from the bad. Let’s face it there are better and more important things to do besides clearing out spam comments.

To date nearly every method to prevent spammers from overwhelming blogs and comments have failed rather miserably. Even images of animals and simple math problem Captcha have had very little effect on the rising tide of comment and referrer spam.

I use several behind the scenes methods of slowing down and stopping comment spam. From what I can see so far they work. However, I think something needs to be implemented on a much broader scale than what I am doing.

Along with Akismet I also use a (100% FREE) asp.net control produced by AngryPets called ReverseDOS.

“Face it, spam attacks are sickening. Within a matter of seconds your site gets inundated with garbage about anatomy-enhancing drugs, home-loans, and poker sites. ReverseDOS fixes all that, by lying to spammers. It does it by making it easy to detect spam, and then making it look like your site is being hammered by too much traffic, or suffering from a DOS attack.

ReverseDOS is a very simple HttpModule that checks various parts of incoming requests against a list of crap that you don't want pushed on to your site. If ReverseDOS detects a match, it attempts to stall the requesting client for a number of seconds (specified in a .config file). During this loop, which uses virtually no server resources - and only a tiny smidgen of bandwidth, ReverseDOS checks every .3 seconds to see if the client is still connected. If the spammer disconnects, good riddance. If the spammer sticks around, they're finally rewarded with the Response Headers - containing an HTTP 403 - Access Denied Response Code. “ - Angry Pets

Akismet takes a slightly different approach than ReverseDOS as it is a web service that runs tests on the comment and marks either it is as spam or approves the comment.

“When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down.” – Akismet

While I have seen a remarkable drop in comment and referrer spam on this blog, items still get through and must be manually approved (I moderate all comments).

The larger problem is that all of the above is ineffective because many application developers and end users alike do not take the time to implement such features. This leaves many blogs open to comment and referral spam attacks. This gives spammers more incentive to continue their bad deeds. Most software developers do not have the time, money or inclination to create effective spam prevention methods in their applications and leave it to the end user to implement anti-spam techniques.

I think I have an answer of sorts to the comment and referrer spam.

Add-ons such as the CoComment service could work if they were to incorporate a way to block commenter’s that were spamming, but only if such a “comment registry” was widely accepted by blog owners and software developers. CoComment allows users of the service to track, share and enrich conversation of their comments.

"coComment is a new service which allows you to enjoy the full potential of comment-based conversation on the web. Before coComment, comments made across different sites (such as blogs, photosharing services, news sites, and others providing the ability for readers to leave comments) did not come together into a clear conversation, but were fragmented, hard to follow, and untrackable discussions.

Using coComment, you can now keep track of all the comments and discussions your are participating in or observing on the web. When someone adds something to the comment stream or discussion, you'll be notified. And, if you're a blogger, you can display the comments you make elsewhere back on your own blog." - CoComment

I can visual at some point in the future a common comment registry that all blog owners could implement. Such a comment registry could take advantage of services like OpenID to maintain registrations. If a user of such a comment registry began to spam then based on a number of things (such as complaints) they would be barred from having their comments appear on *ANY* blogs or other services that utilized the registry. Of course, such a registry would require broad industry support, developer’s willingness to support such a registry and blog owners using it to be effective. Such a registry would greatly reduce the incentive to spam and quite possibly could reduce comment and referrer spam to such a point that it becomes merely annoying.

Spammers to date have broken every single method of stopping spam (for the most part). Because of this a comment registry begins to look very good as an alternative to letting spammers run free abusing sites and services. This sort of registry could be used as a form reputation management. Such a registry could also reduce abuse by others of a persons or companies good name.

So what do you think? Would a wide acceptance of a “comment registry” be more effective than current anti-spam methods and services?

12 Comments