1. Liz Lawley on January 13, 2004 11:51 AM writes...

Egad, Ross. Give up? Now *there's* some creative advice. :) I assume they should all give up email, as well, since spam is inevitable?

There are other approaches and solutions to comment spam. One simple approach is to turn off comments on older entries, which are almost always the targets of these spam attacks. That, combined with a robust blacklist of URLs, is pretty effective.

Me, I'm not giving up comments. And I'm not placing the barrier of "start your own weblog" onto the people who might want to comment on mine. Many of my readers (including my family members) are not technical folks, and not interested in publishing online regularly--but they often have useful and interesting things to say.

2. Zap on January 13, 2004 11:58 AM writes...

I guess you have given up email, phone and the use of the postal system and live under a rock now?

Very lame.

3. Roddy MacFarquhar on January 13, 2004 12:39 PM writes...

Why can't someone develop a MT plug-in that uses one of those image based verification tests that prevent automated sign ups to web mail or automated harvesting of things like ticketmaster.com. (I regret that the answer might be patents and IP).

4. Liz Lawley on January 13, 2004 12:55 PM writes...

There are captcha plugins for MT. (See James Seng's plug-ins.) The issue is accessibility. Captcha tests make it impossible for the visually disabled to use the comment functionality.

5. George on January 13, 2004 1:12 PM writes...

The MovableType site says version 3.0 will include the option of requiring commenters to register.

I fight the war against spam because it's fun. And it doesn't take up that much time, frankly.

I disagree with your assessment of the economics of comment spam, which typically directs readers to a particular website. Ban any comments, using MT-Blacklist, referring to that website and you have your solution. For a spammer to buy a new domain name to circumvent this system is not a "near zero cost."

6. Zack Lynch on January 13, 2004 1:29 PM writes...

Someone should let Brad Delong know as today he just discontinued his commenting capabilities. Time to move to a wiki-blog architecture.

Link

7. Evan on January 13, 2004 1:53 PM writes...

You can make Captcha work, even for visually impaired people. See http://www.livejournal.com/community/metajournal/31483.html .

8. Liz Lawley on January 13, 2004 2:54 PM writes...

How would a wiki-blog architecture alleviate the problem? [She asked, after having just rescued her class wiki from grad student defacement only hours after introducing it to the class...]

Adding the audio component would be good, but Idon't think the current MT captcha tool provides for that.

9. David Weinberger on January 13, 2004 4:03 PM writes...

I got 1,000 in a couple of hours before my host shut down the comment script. I'm going to try installing James Seng's verification script and then open comments back up.

http://james.seng.cc/

Damn stinking comment spammers.

10. Cory Doctorow on January 13, 2004 5:21 PM writes...

For the record, I didn't move my comments, I shut them down. Boing Boing readers set up the Tribe discussion off their own bat.

11. Ian Grove-Stephensen on January 13, 2004 5:21 PM writes...

A quick search on Google for links to my site has turned up only two out of several dozen comments I've left on blogs over the last 6 months. So it looks like Google has already stopped routinely indexing them. I imagine Google is doing it to protect the integrity of pagerank, but in doing so they are also removing the incentive to comment spam. Spammers may not have realized this yet; when they do I'd hope that the evil tide will start to ebb.

12. Adam Rice on January 13, 2004 7:29 PM writes...

Just because food rots, nobody says "hey, you might as well give up eating."

I've been attacked by comment-spam before, and I probably will be again. I don't think the situation is hopeless: in fact, I think it is a lot more hopeful than e-mail. Since blog commenting doesn't rely on decades-old standards, we have a lot more room for creativity. With different blogs implementing different anti-spam techniques, a would-be spammer won't know what he's getting into when attacking a blog: captcha, other "quiz formats, registration, tarpits, throttling, blacklisting, and any combination of the above can be used to foil them. We don't have plug-n-play functionality for all these, yet, but I think we will.

13. Tom Coates on January 13, 2004 8:08 PM writes...

If I start getting 500 hundred a day I'll give up, but in the meantime I'm damned if I'm going to allow another person to get google juice and self-promotional props off of my site and I refuse point blank to let them force me to stop using comments. This may be a trivial evil, but it's an obvious to spot evil and that's rare enough to be worth standing up against - even if it's futile.

14. Michael on January 13, 2004 9:40 PM writes...

"The line must be drawn here. This far, no further! And, I will make them pay for what they've done." - Capt. Jean-Luc Picard

How far are you all willing to retreat? Will you allow your social software revolution to be foiled by some spammers?

I would suggest "to take arms against a sea of troubles and by opposing, end them?"

Leave your comments on.

15. Davd Beckemeyer on January 13, 2004 9:47 PM writes...

My site doesn't get a lot of comments, but I added a CAPTCHA system that seems to have stopped the robots but I was still getting a lot of spam comments that were clearly done manually by a person (with cut and paste and perhaps with a tool to decide which posts to comment on). So I've now added some congestion control that seems to have added enough "cost" to the spammers to be effective. I think this will bring things back to a manageable level (a few posts will still get through) without impacting non-spammer commentors. I can live with the limits of CAPTCHA. I see it as a lesser evil than turning off comments entirely which btw impacts visually impaired users (and as others have said, one could make it work, or at least provide a means for visually impaired people people to still post, if it's a major issue for you).

16. Ross Mayfield on January 14, 2004 2:43 AM writes...

These comments are great evidence of their value and how big the problem is for some. CAPTCHA and others could be great short-term solutions -- but as blogspace grows so will the incentive to circumvent. I do think its a fight worth fighting, but your average blogger can't do it alone and still have time to blog.

17. dingbat on January 14, 2004 7:53 AM writes...

Ever hear of Junkeater?

http://junkeater.com/

18. Oscar on January 14, 2004 9:39 AM writes...

You can shut down comments but you recommend to leave trackback on. How long before the spammers start using "trackback spam"? (I haven't been hit by spam yet so perhaps they're _already_ doing it) It would be even easier than comment spam... Think about it: almost all the blogging systems out there support trackback. Trackback ping information is only a little bit of xml code embedded in an html page, that always follows the same format so the only thing that the spamming script would have to do is to find the url where trackback pings need to be sent. Result: pick any easy language that has an xmlrpc parser, feed this script with a few permalinks and "enjoy" :P

PS: no, I am not a spammer and I am not planning to become one.

19. George on January 14, 2004 9:26 PM writes...

Check it out: MovableType 2.66 has improved anti-spam strategies.
http://www.movabletype.org/news/2004_01.shtml

20. oliver gassnert on January 20, 2004 8:36 AM writes...

Giving up means: they win.
And: If you leave trackback on they will biuild robots that blog and ping your trackback.

There is only a social solution to a social problem (of this kind): send in the lawyers. (Martin Röll sent his first comment spammer an invoice for the ad.)

Only a broke spammer is a good spammer.

21. seo on February 6, 2004 12:07 AM writes...

The problem that plagues many Blogs is link spam. Google's current ranking algorithm places a lot of weight on links. Thus links are important and desired by companies trying to rank well on Google. Link popularity is critical with Google - whereas search engines like Inktomi - feeding MSN, HotBot and soon Yahoo - rank websites based on text, keyword density, site structure and other on-page factors. One of the quickest ways a Blog owner could stop this link spam is to disable HTML in the comments and disable the live URL link - unless of course Google quits ranking based on links and instead starts placing more weight to on-page factors even business cards. Immunize your blog and disable HTML.