KILKENNY -- If you want to minimise your spam burden, I think you should consider using Typepad infrastructure. That's because the Typepad blacklist is more sophisticated than others in the industry. Typepad is filtering my trackbacks using their technology. It is working well--for everything except dial-up spammers. Typepad invoked a special numeric sequence similar to those used by high-end search sites. It forces people to type in a unique number that is generated as an image before a comment can be made on a page. Typead does not let someone post or track back from an open proxy. Their technology provides overrides for false hits on open proxies via CAPTCHA. The Typepad Help desk takes my submissions on board as items for the blacklist. I have personally blacklisted 436 IPs who visited my Typepad blog in the past 12 months. I was surprised to see how Typepad retroactively scrubbed my comments and trackbacks, deleting dozens of mindless comments that were actually probes by potential spammers.
I've learned to do some things that reduce the attractiveness of this site to spammers.
- Do not list referrers on your front page. Viewers don't mind clicking a separate link that takes them off-site to see who is visiting the site.
- Do not post recent comments to the front page. As Userland figured out months ago, comments that append to the bottom of a post work just fine. They can run from scripts that do not appear to link back to the source post.
- You must scrub URLs from your comments and from your trackbacks. The links are the reason for the unwanted spam visits because the links from a site with PageRank 5 or above give spammers Google Juice. Kill the links and waste the Juice.
- Personally visit sites tracking back. If there's no related content to the blog entry, the trackback vaporises on my command.
If you want a responsible two-way conversation with your blog, you have to control comments. Sometimes that means blocking commentary from a whole swath of the Web world. But if you have a plainly visible e-mail address, use Instant Messenger, and answer your phone, you are not cutting out the two-way conversation. I post things to this blog that follow on from these tangential conversations. I spend no more than 20 minutes a day looking at the comments that land here, checking out trackbacks and adding unwanted leeches to my personal blacklist. But I get an average of 1000 daily visitors, so those with larger traffic counts will have to trust technology. Or they will lose a round against the comment spammers.
Alek Komarnitsky -- "Referrer log spamming"
Dan Gillmor -- "Blacklisted comment spammers attack legitimate domain"
Irish Eyes -- Comment spam round 5
Shelley Powers -- good description on cleaning up with MySQL surgery