Alden Bates' Weblog

MT-Blacklist has blocked almost 2000 spams on my weblog so far. Some still get through prompting me to add more string blocks. Damn them. Damn them all.

Though my site doesn't get as much spam as many others, I'm beginning to see the appeal of outing them.

I got a comment today. See if you can spot anything suspicious about it.

%syn(Cool|Nice|Rulezz)% %syn(blog,|portal| site ! I)% hope to make %syn(my own|own weblog|my diary)%, not worse than yours ;)

Gosh, no, nothing suspect about that...

("not worse than yours"?! Cheeky.)

The "nofollow" attribute was recently introduced (see announcements by Google and Yahoo), the theory being if links in comments don't count towards the target's ranking in search engines, spammers will be less inclined to spam blogs. I'm still sceptical. Spamming blogs costs nothing, and the process can be automated. Unless every single blog on the net upgrades to use the nofollow attribute, I don't think there's any reason for the spammers to stop.

I don't think I'll be uninstalling MT-Blacklist any time soon...

Via Aardvark:

Aunty Spam's Net Patrol reports: A little birdie with insider knowledge has confirmed that Verizon is blocking all international IP space from RIPE, APNIC, and more, and is only unblocking specific domains, based on their IP address, when complaints are made and escalated.

If that's true, then it seems Verizon has stumbled on an interesting solution to the spam problem, though probably not a sustainable one over the long term, due to the amount of complaints they'll get (though they may well be blocking the complaints as well!).

Lycos is introducing a new way to fight spam. It's a screensaver which attacks the web sites of spammers, draining their bandwidth and making their site unresponsive. I'm not at all sure it's legal, but really how many people are going to have sympathy for the spammers?

Of course this could backfire. As we've already seen with SORBS, it's easy to accidentally target people who haven't done anything wrong. It's common, for instance, for a number of completely unrelated web sites to be hosted on the same server simply because the owners are signed up with the same web hosting company. An attack on one site on such a server would impact the other unrelated sites as well...

Good old SORBS (Spam and Open-Relay Blocking System) is still at it. Not only are they blocking whole ISPs, they're apparently also blocking email from servers hosted on dynamic IP addresses. Once again, SORBS is throwing the baby out with the bath water.

The reason thay're blocking anything from dynamic IP addresses is because virus-ridden PCs can be used to send spam. Gosh, wait until they realise that 100% of spam emails are sent via the SMTP protocol! "OMG! By blocking any email sent with that protocol, we can block 100% of spam! We'll be saviours!"

As I mentioned a while back on my LJ, SORBS came to my attention because I tried to email a friend of mine, and it bounced. If there's one thing I hate more than spam, it's having a perfectly valid email bounce for no good reason. (I've been able to email George since, and it looks like Paradise was taken off SORBS' list.)

Blacklisting is bad, it stops legitimate emails and doesn't really affect spammers much, because they use fake email addresses and don't get the bounces. Of course, if everyone used the blacklist, that would stop the spammers... for about five minutes before they found a way around it. Spammers make quite a lot of money, you see, so they're determined to keep doing it. The only way to stop spam for good is to cut it off at the source. Blacklisting doesn't do that, it just makes the problem invisible, like taking painkillers for a brain tumour.

Of course, people will still use blacklists. However if you consider using SORBS, you might stop to consider what valid emails you might miss out on.

Incidentally, SORBS is currently in fourth position for a worthless project.

It's not often I'm surprised by spam, but today I was spammed by Paramount studios. Apparently they had taken me for a War of the Worlds fan and wanted me to help pimp their upcoming movie. A quick search of my web site revealed that War of the Worlds is mentioned on five DiscCon Guide entries, and in the Who Killed Kennedy eBook, so, er, no, that is still a bit of a leap to make.

This is, I suspect, an overzealous marketing underling... I guess it makes a change from endless viagra, Nigerian scam and speed camera spams.

Back last year I posted about a possible way Movable Type could combat the spam problem thusly:

Even Movable Type has problems with spam, and they've been talking about ways to combat it.

Personally I'd have thought the easiest way would be to have a page which lists all the recently posted comments, in chronological order... that way the blog owner would be able to see comments made on months-old entries.

I see Movable Type 3 not only has such a page, but it does email notification like LiveJournal does. In fact, the back-end of MT 3.11 is pretty cool all told. :)