Comments on: How To Analyze And Stop Comment Spam

By: paul

paul — Sun, 24 Jun 2007 07:22:00 +0000

Hi Gordaen,
I checked Pidkey and what I saw is a little bit more than just a simple solution anti-spam. And … my humble advice, the problem “The major one that I see is email from non-humans that isnÃ¢â‚¬â„¢t spam” is not a problem… because with that… spammers are out of service . I start to use it and I have no more spams see you:-)

By: Gordaen

Gordaen — Fri, 15 Jun 2007 01:16:41 +0000

I updated the link in your first post, so now they both work. Pidkey sounds like a simple solution to email spam, but it seems like it has a few problems. The major one that I see is email from non-humans that isn't spam. For instance, I have scripts on my site that email me upon various events. I would have to specifically create a contact in my address book for those scripts. I also don't know that it could be used effectively for blogs. It could be adapted to send out an email confirmation to each poster and store who is accepted, but that could generate a lot of emails on a popular blog (mine receives an average of about 150 comment spam attempts a day, sometimes triple that, and my blog is certainly not a major one). Another interesting solution that would be nice if more people used it is hashing. Programs like hashcash basically make the computer do some calculations in order to send an email. Since humans don't type and send emails extremely fast, it's not a problem for us, but spammers wouldn't be able to do the calculations for the millions (or billions?) of messages sent. Of course, then you run into problems with companies sending out legitimate newsletters.

By: mya

mya — Thu, 14 Jun 2007 03:37:09 +0000

Hi folks,

I saw, I gave you the wrong link, is http://www.pidware.com/pidkey.php (without . at the end) If you are like me, I hate spam and now… I relax

Mya

By: mya

mya — Thu, 14 Jun 2007 03:29:50 +0000

Hi folks, I use a spam blocker, the approach is different, it doesnÃ¢â‚¬â„¢t intend to analyse an email. This spam blocker uses a new pidkey technology. ItÃ¢â‚¬â„¢s too long to explain but you can see an explanation www.pidware.com/pidkey.php. The point is... the machine (computer) competes with human brain, computer no match with that. So maybe itÃ¢â‚¬â„¢s time to look elsewhere. Mya

By: Gordaen

Gordaen — Fri, 01 Jun 2007 04:48:02 +0000

Thanks for the kind comment, Brian. I'm glad you found the article helpful. CAPTCHA's are definitely one of the most commonly used solutions because they're so easy. Unfortunately, there are some significant problems with them. Vision-impaired users can't use them, people using command line browsers (e.g., Lynx) can't see them, and small, and portable devices often cannot use them (e.g., phones and PDA's which might have too small of screens, too low of resolution, or may even have images disabled to save bandwidth/memory). I also see people who implement CAPTCHA's incorrectly, using an obvious hash that can be cracked by a computer faster than a real user can type in the image's characters.

By: Brian Buffington

Brian Buffington — Thu, 31 May 2007 23:15:52 +0000

This article is fantastic! Before this I was strongly leaning towards integrating a CAPTCHA into my custom CMS, but your points approach brings up some new ideas. I’m definitely going to take a look at my pages and see how I can integrate some of these great suggestions. Thanks again!

By: Gordaen

Gordaen — Thu, 31 May 2007 16:57:12 +0000

A custom CMS like yours usually lasts a bit longer against the spammers, but eventually someone will have too much time on their hands and create a script for it as well. At first, it's easy to stop these spams by blocking keywords, excessive links, or other obvious patterns, but someone out there will be just as interested in circumventing your countermeasures as you are in stopping their spam. Hopefully this excessively long post will help you (and others) when the spammers become a bit more sophisticated. In some ways, it's good that there are so many easy targets (keeps their eyes off the more challenging sites to spam), but I wonder how much those sites encourage these people... One thing I didn't mention is that you can also shut down a lot of spammer's sites. Oftentimes, they use sites like JubiiBlog where they can quickly set up a page with spam advertisements or JavaScript forwarding, and you can simply contact the support team with the offending sites. I've done that quite a bit in the past few weeks while analyzing spam I receive through my comment form, and I can only hope it irritates the spammer. It takes a lot less time to find a customer support email address and forward on the spam sites than it does for them to find new sites that are vulnerable to their techniques.

By: Bernie Zimmermann

Bernie Zimmermann — Thu, 31 May 2007 04:22:22 +0000

This is an awesome list, Ian. I’m not quite to the point where I’m ready for a points system at my blog, but I can certainly see the merit in such an approach. Thanks for posting such a thorough list of spam countermeasures. I’m sure I’ll be revisiting this post in the future (unfortunately).