As far as the internet is concerned, you’re a spammer until proven otherwise. In fact, many websites require us to pass a test just to prove that we are human. We might fool ourselves into thinking that we have the whole bot/spam think under wraps but truth be told, it’s much worse than we think; it’s controlling us!
In a perfect world we’d be able to detect a spam-bot from it’s movement around a website without having to interrupt a visitor (who could potentially be a human); actually, in a perfect world there would be no spam-bots at all but, due to the greed and idiocy of mankind, such perfection will never be achieved…
If there’s a crux to this entire issue then it would be this question: How exactly can we use technology to determine between something which is human and something which is not? It is definitely possible but with current methods we’ll never be able to guarantee a spam-free environment.
There is another really big problem though: many spam messages you’ll receive on a daily basis will have originally been typed out by a real human!
Take this example, I received this as a comment on an older post at 7:46pm tonight:
My name is Sabrina and Iām new to this site.
According to this message, a person, probably female, has arrived at my website and has been so enthused that she’s decided to write about her recent accomplishment (the accomplishment of being new to a website)!
Five things about this message make me 99% sure it’s spam
- It’s an old post, one which hasn’t received much traffic in the past. Because it’s an old post we can assume "Sabrina" arrived at it via a search engine or something similar (86% of all traffic in the last two weeks to this post has been from search engines – source: Analytics), if so, then Sabrina must have been looking for something specific, maybe she found it and was grateful, or maybe she didn’t find what she was after. Either way the above comment makes no sense!
- As far as I’m concerned, a greeting, like the one Sabrina exhibited in her comment, is one of the least likely comment types in a technology-related blog post. – Source: I’ve read a lot of technology-related blog posts and have never seen a comment of this type. š
- Sabrina has no gravatar – not compelling on it’s own but makes her less likely to be human.
- If Sabrina were sufficiently intelligent to use Twitter (the topic of the post) then she would also be intelligent enough to realize that it’s not necessary to have her name in the post because it’s already specified as her name. (again, this isn’t compelling on it’s own)
- Finally, Sabrina’s email (which I won’t disclose, just encase she is actually a human) is a bit dodgy because the corresponding domain currently returns a 404!
So, why would a spammer waste time posting messages like this?
A message like the one above is quite likely to get approved by a busy moderator (proof). WordPress’ default setup dictates that all messages which have previously approved authors will be automatically approved from then on. I’m guessing that "Sabrina" will wait a certain amount of time before returning and posting a more malicious variant of her comment, but, unfortunately (for her) I did not approve the original comment so all of her following ones will end up in the spam bin as usual. With this blog they would probably end up in the Akismet bin even if I had approved this comment but not everyone uses Akisment!
The point of that example was to illustrate that the spammers are becoming a little wiser and that traditional methods will not suffice for much longer.
Spamming would not be around today if it didn’t work. Obviously somewhere in the world there are some absolute morons who believe that certain things might actually get bigger if they take some drugs.
So, as usual, it’s the people who lack understanding who are to blame. Maybe we need to re-educate them – but now, this becomes a public concern, one which cannot be fought on the technological battleground. An imbalance of information in society can only be fixed by the governments! Damn it! This spamming thing is truly unfixable!
Thanks for reading! Please share your thoughts with me on Twitter. Have a great day!
I take the opposite view – if its not malicious, then publish it, otherwise let Akismet deal with it. I don’t have the website field on my site, so its a big give away when comments have urls on them!
Thanks James š
I always check the URLs that are left; I wouldn’t want my site linking to anything illegal or pornographic.
There are some spam e-mails that are more difficult to recognise than your typical ‘go larger’, particularly for users not familiar with phishing and so on.
You’re absolutely right that education is the key – but it’s an ongoing concern. Spammers are always developing new methods to trick the unsuspecting.
I had bot that visited my site a couple of times and re-posted all the all existing comments of a post.. but it shuffled all the words first, and then sneaked in some sneaky urls (: twas a laugh none the less.
I always review my comments before publishing, so a part from spam, nothing offensive get’s published.
Ps. Judging from your level of productivity James, I’m starting to think that you are some kind of robot too š
I’ve found that sticking a hidden field with a blank value in the form stops pretty much all spam in comment and contact forms, or any form actually.
by hidden though, i mean “display:none”, not an “.
for example:
<input type="text" name="check" value="" style="display:none" />Bots usually fill in all fields of a form with fake values. If someone submits a comment and the “check” field has a value, then you know it was a bot. If your worried about users w/out css enabled, then just place something before it saying “don’t enter anything”.
@Alex, I can see the logic in what you’re saying but spammers and criminals are getting wiser and will soon exploit your logic.
@Shane, you’re right, it’s just annoying because in the end we’re all quite powerless to do anything. Google Mail is awesome at blocking spam so email spam isn’t much of a problem for me but my dad receives upwards of 1000 spam messages in just one day. I’ve told him to start using a different email address but he says the hassle involved in changing it doesn’t outweigh the benefit… It’ll only get worse for him.
@Daniel, I think comment spam only becomes a real problem with really big sites – moderators don’t have time to review every comment in detail so many of the spam comments (like the seemingly innocent one in the example) end up getting through. LOL @ me being a robot! š
@Corey, I’ve heard of that method before and I’m sure it works really well but eventually (like all other methods) the spammers are going to be able to detect those fields which are hidden.
Instead of hiding the fields using css we can use JavaScript that way it will at least buy us some time to find some new solutions to it.