Anatomy of A Blog Spammer
You've probably noticed that I seem to be talking about spam quite a bit this month. Although it's partly because I've been dealing with a lot of spam lately and the issues are fresh in my mind, it's also because I think spam poses a serious threat to usability. In addition to the added time and trouble directly caused by spam, we also end up fighting that spam by forcing our legitimate visitors to jump through more and more hoops.One of my goals in developing the engine to power this blog has been to develop spam-fighting techniques that are as invisible as possible to end-users. I'm going to talk about those techniques in detail next week, but before you can fight spam effectively, you have to know your enemy. Here are a few things I've learned about blog spammers:
1. Spammers Are Lazy
Ok, maybe the people themselves aren't always lazy, but any individual piece of blog spam is such a low-value proposition that a spammer can't be bothered to spend much time on it. This leads to a number of common practices, including: (1) automation, (2) cutting and pasting, and (3) typing nonsense text (e.g. "asdasfasfasfasf").2. Spammers Are Human
I've been amazed to discover how much spam is actually being entered directly by people, but my point is much broader than that. Even if spam is coming from a program, that program first has to be written by a human being. If you want to stop blog spam, you have to understand the motivations and personality types of the people who create it. Which leads us to...3. Blog Spam Has A Purpose
Unlike computer viruses, which are often created for pure ego or as experiments gone wrong, blog spam has one key purpose: to generate links. The vast majority of blog spammers are looking for an easy way to get sites to link back to their own sites (or clients) and drive search engine traffic. If you can block those links, you'll render 90%+ of blog spam impotent.Building Blocks
It may not sound revolutionary, but all of the ways I've fought spam on this blog come back, one way or another, to these three points. Next week, I'll be building on these basic principles and revealing my anti-spam techniques and PHP code in detail.
Steven Bradley
· Thursday, June 19I hear you Pete and I agree with your 3 points. I want to add something to the last point. I think blog spam isn't only about search engines. I think it's often about the direct clicks.
It might not seem like people would click on some of the spammy comments, but I think people do. Maybe it's a small percent of people, but when you consider how many spam comments someone can leave even a small percentage of clicks can add up.
It's one reason I don't think nofollow does much to prevent comment spam. Maybe it's more to do with your first point about the laziness of the spam. It could be it's simply easier to send out more spam than it is to maintain a list of dofollow blogs, but I think some of it is that not every comment spam is done in the pursuit of search rank. I think the direct clicks factor into the equation as well.
Dr. Pete
· Thursday, June 19@Steven: It's really hard to say with nofollow, as many spammers probably don't even realize it's there. On the other hand, I've heard anecdotal evidence from others that it can make a huge difference. The direct clicking is kind of like telemarketing; somebody must be responding to it, or else there wouldn't be so much of it.
Mike Maddaloni - The Hot Iron
· Tuesday, June 17I agree on #2 especially, and this makes it tough to capture without blocking out legit commenters, including those who can't use CAPTCHA or other methods.
Looking forward to seeing yours!
mp/m