I have comments, but no spam in my comments. Here’s why.
Moderation · I’ve had a comment system running for about three years here, but I haven’t got around to turning off moderation. Still, when I moderate, I almost always just one-click accept all the comments. When I reject them, it’s mostly for being vacuous, not adding anything to the discussion. Then there are a very few that are toxic or poisonous or maybe libellous. Finally, there are a single-digit number every year that are sort of spam; written by real people trying to place a comment with a link back to their lame or porny or MLM or whatever site. I covered the latest variation in Is This Spam?
Should I turn off moderation? It would require me to implement some code for quick easy one-click removal of a comment when one gets through that I don’t like. I’m really not sure it’s worth the trouble.
Be Different · This site is different from all the other blogs, of course, in that I wrote the software and it only runs here. So a spammer who figured out a route into my comments would only have one site to attack; the rewards for subverting WordPress or Blogger are way higher.
It’s different in a subtler way. There’s no comment form at the bottom of the entries; just a link that invites you to click on it to make a contribution. A minor barrier for a spambot, but my feeling is that a succession of minor barriers is the best way to fight back. The economics of spam are such that everything you do to make your target a little more complicated and less soft discourages a certain proportion of the bad guys.
Having looked at WordPress a bit, I suspect that it wouldn’t be too hard to introduce a lot of simple, maybe random, variation in the way that any given blog asks for comments. Which might help.
Be Human · The single best way to defeat the economics of spam is to make it non-free. The best way I know of to do that is to force a human to get involved. This is the purpose of the Captchas you see on so many comment sites.
My approach is simpler. If you try to comment and ongoing hasn’t seen you before, it’ll ask you to answer a simple question that I think almost every real English-speaking human should be able to handle. Here are a few random examples taken from the just over 200 I cooked up:
Is France a city or nation?
How many sides has a square?
Which word is longer, alphabet or box?
It turns out this is overkill. Joe Gregorio just asks prospective commenters to include a single hard-wired string which he helpfully provides in an explanation right there on the comment form. Maybe I’ll go to something simpler too.
Be Sneaky · If the comment system here decides you’re a spammer (you try to post too often, you fail the “any-human-should-know-this” test), it takes evasive action by pretending it’s had an enterprisey-sounding programming error. Here are some of the messages you might see:
Error: Document pre-parse replicator unavailable; exiting.
Error: Module synchronization initializer terminated; exiting.
Error: File marshalling responder invalid; exiting.
It’s a simple random-phrase generator. Some of the messages verge on haiku;
www.tbray.org/atompub/ouch a few times to savor the
To protect the guilty, I won’t name the correspondents who’ve written me with detailed instructions on how to fix my Rails routing or Spring configuration to make the problem go away.
Does This Help? · I don’t know. Maybe it’s just some combination of moderation and luck that keeps me spam-free. But maybe one or two of these tricks will help someone else.