Tuesday, January 15th 2013
Anyone who takes up blogging seriously soon discovers one of the plagues of the blogosphere, comment spam.
I imagine that we bloggers all like comments – genuine comments, that is – because they show that people are reading our blogs and finding them interesting enough that they wish to participate by expressing views of their own. A complimentary comment is encouraging and gives a pleasing boost to one’s ego but even criticisms, as long as they are valid and are expressed with a modicum of courtesy, are useful as they may proffer useful corrections and help us avoid inaccuracies or bias.
Unfortunately, the mechanism that makes good comments possible also opens the door to abuse of the system. Spammers quickly saw how they could subvert commenting and use it for their own ends. Thus they invented what is generally known as “comment spam”.
Anyone with an email account will be familiar with the email version of spam. Email spam came first and it was natural that the word “spam” be used for attempts to abuse the blog comment system. There is, however, a fundamental difference between email spam and comment spam. You will find this difference nicely set out on the Akismet Web site on their How it works page. Briefly, while the email spam in your inbox is addressed to you and seeks to manipulate you into falling for some piece of fraud or buy some probably counterfeit product, the spam in the comment section of your blog is addressed, not to you, but to your readers. It is disguised to look like a genuine comment but its intention is to advertise a product or a site or to tempt your readers into clicking on a link. Unlike email spam which is designed to grab your attention, comment spam tries to escape your (the blogger’s) notice. This means that it is sometimes difficult to distinguish between genuine comments and spam.
Those of us who use the WordPress platform are fortunate in enjoying the protection of the Akismet anti-spam system. Of course, no anti-spam system is completely successful (complete success meaning that all spams are caught and no genuine emails or comments are misdiagnosed as spam), partly because automatic systems, despite the decades of research that has gone into them, cannot match the subtlety of human spammers who actively work to fool them. Akismet, however, does a pretty good job, partly because it does not rely solely on automatic methods but adds human intelligence and experience to the mix. I rarely find a genuine comment that has been trapped by Akisment, though this can happen. It is a reminder that, tedious as the chore may be, we must ourselves monitor all spam (email and comment) and not simply hand control to the machine. Otherwise we will lose genuine emails and comments.
In the past, the majority of comment spams have been easy to detect and trap. This is because the “comment” is usually vague and indirect without referring specifically to the post (because whoever wrote it is trying to make it fit all possible posts) or obviously fraudulent (long lists of porn sites, for example). Such comments are repeated in their hundreds across the blogosphere and are therefore easy to recognize and filter out. This doesn’t worry the spammers unduly because they are not sitting at the keyboard adding comments to individual blogs: they are using “bots”, machines that roam the Web looking for blogs and attaching comments to them. They saturate the blogosphere with comments and if only a few get through, then they are satisfied.
If stock comments placed by bots are easily recognized and blocked, what do you, as a spammer, try next? Well, one way is to read the blog post and to make an appropriate comment. There’s a good chance that Akismet will accept it and the blogger will even welcome it as a genuine comment. The “payload” will be the URL entered by the spammer when signing in to write the comment or the URL or URLs helpfully included in the text. People do click on these, and if the comments are spam, they will be taken to the spammers’ Web sites and, in that case, the least that will happen is that the reader will be subjected to advertising. Worse, the site may infect his or her computer with a virus or trojan.
But what spammer in his right mind is going to spend hours visiting blogs and thinking up comments for them? None, of course. They contract out this work to others. How do they persuade these minions to do their bidding? Do they pay them or coerce them? I have no idea and, to tell you the truth, I don’t much care. I note the fact that this is occurring and that it is a way of passing spam comments under the radar, so to speak.
I had an interesting case to deal with only this evening. A new comment was attached to my post Researching Myddelton Hall. The comment was long, and you might at first sight have thought it was a learned disquisition on Myddelton Hall, a welcome addition to the set of comments already present. Well, you could have thought that if, unlike me, you had done no research on Myddelton Hall and didn’t therefore recognize that the “comment” was in fact text lifted verbatim from a Web site on theatre history. I deleted the comment and emailed the person who had left it, explaining why I had deleted it. Guess what happened next? Yep, the message bounced. The address was either false or had been discontinued – the final proof that the intention of the comment was fraudulent.
I have already written on this topic (see Comment spam: delete or keep?) and in that post, I suggested that there were some comments that, though animated by an ulterior motive, might still be valid and should perhaps be allowed to remain. Though the logic of the argument hasn’t changed, my attitude has hardened. I think that any comment that that has an intention other than that of adding a personal message to the blog post should be deleted. It is a matter of principle. You can always email the author and explain why you have deleted the comment, giving him or her the opportunity to reply and defend the comment. If your message bounces, this will confirm your suspicion that the comment is fraudulent.
Blog platforms often provide facilities for filtering comments. Some bloggers hold all comments for moderation, that is, they allow the comment to appear only when they have vetted it. I am not in favour of this. For one thing, I find it is a disincentive to leaving a comment. I feel I am being challenged and being considered guilty until proven innocent. I suspect this loses quite a few comments. Another filter system is Captcha: this requires you to copy a word or number into a box and is supposed to prove that you are a human and not a bot. I abhor these too, and often don’t leave comments on blogs that use this system because it is often difficult to read the Captcha phrase and I might have to make several attempts at it. This filter also makes me guilty until I prove my innocence and I resent it.
On a blog that habitually receives tens or hundreds of comments on each post, I can understand why the blogger might be tempted to use such filters but I think it pointless if you generally receive less than a dozen comments as it is perfectly easy to monitor these as they come in. All comments to my blog are echoed to my email on the PC, to my iPod and to the email on my Blackberry. I can use any of these delete an inappropriate post minutes after it arrives. I don’t feel the need to irritate my readers by hitting them with moderation or the Captcha system.
The bottom line, however, is encapsulated in the title. Yes, spammers think we are stupid. They think we will be deceived by their blandishments and that we cannot see past their puerile attempts to disguise their comments as genuine. Somehow, I don’t think we are the stupid ones.