Blog Spam Wars Escalate

For the past year or two, I’ve kept weblog spam comments at bay with a custom hack that blacklists common spam phrases and URLs. Every month or two, a new spam format seems to evade the filter, and it’s usually easy enough to identify a unique phrase that is unlikely to appear in a legitimate comment and add it to the blacklist. (Most of these unique phrases are not appropriate for general audience consumption—suffice it to say that they often relate to unorthodox sexual activities). If I receive more than three or four spam comments from a particular IP address, I blacklist that IP address from commenting.

This approach has been fairly low maintenance, and while rather crude, has very few false negative and false positive results.

Just recently, however, my friend Jamie reports that he is getting “spam” comments on his blog that actually don’t point to any spam sites. In fact, there’s nothing in the comment or the URLs that is spam, other than the fact that the comments have nothing to do with the blog entry.

This phenomenon is apparently becoming widespread—for example, see this poor guy, who appears to have a totally legitimate blog which is now the “target” of many of these quasi-spam comments.

My guess is that these faux spams are designed to trigger automatic blacklists and thus poison the blacklists with “good” sites and presumably ruin the whole system. It’s not really effective against my technique, which involves manually blacklisting sites, but it is certainly annoying. So far none of these have hit me, but I’m sure it won’t be long.

I’m loathe to implement a captcha or login requirement on my blog—one of the great things about the blogosphere is the low barrier to entry for participation—but that may be the only choice. Any other ideas?