I have received over 500 comment spams over the last day. I have deleted almost all of them, but I will leave only one set of 30+ spam comments undeleted for a few days, so people can get a look at the result of the obviously automated attack on this blog.
(Update: I have removed the spam comments now.)
Existing solutions to this problem seem to focus on blacklisting or denying the spammers Google ranking points by redirecting, as well as some countermeasures against automated spamming.
All of the above at the best stop the spammers from getting any illicit advantage from their evil activity. I think that is not enough. Since this is clearly an abuse of the Google ranking system, I think Google should delete all offending domains permanently from their database in retaliation.
Once Google starts doing this, comment spammers might want to think twice about their obnoxious acts. The risk of loosing everything might turn out to be an effective deterrent, which is not available for conventional e-mail spam.
Does anyone out there know if Google would be interested in tackling this form of abuse or who would be an appropriate person there to ask about their opinion?
Since spammers tend to attack old posts, one solution in addition to blacklisting is to freeze your comments (not allow new comments) on all posts over a week or two old. There's not much point in leaving comments active after that anyway.
Posted by: Mark S on February 15, 2004 11:04 PMThanks. I agree that this is one good idea too. And I am doing that for most posts that are actually attacked while I am deleting the offending comments and editing the post already. Only sometimes I forget.
Posted by: Karl-Friedrich Lenz on February 16, 2004 09:41 AMDeleting "offending domains" from Google would give spammers an excellent instrument to kick just about any domain name off the Google index.
Posted by: Thomas Roessler on February 17, 2004 12:12 AMI agree with Thomas. Also Google seems to be very reluctant to do any human editing (like blocking domains) to their database.
Posted by: Maximillian Dornseif on February 17, 2004 10:52 PMYou are right, that would be a problem.
On the other hand, the same is true with all countermeasures against conventional e-mail spam. All those can hit someone who really was not responsible, but was targeted by the real spammer. But while that problem of false positives exists, it is not enough to stop hitting spammers altogether. It would need to be addressed in a satisfactory way by any Google policy for deleting comment spammer's domains.
As to the reluctance of Google to do anything, I just don't know about it. They do have a webform for reporting ranking abuse and say there:
"We investigate each report of deceptive practices thoroughly and take appropriate action when abuse is uncovered."
However, that form is clearly intended for other sorts of abuse like "hidden text, deceptive cloaking or doorway pages", so I hesitate at this point to use it for reporting comment spam.
Gratitude is not only the greatest of virtues, but the parent of all others.
Posted by: Hale Scott on May 4, 2004 02:21 AMThanks for your great comment, HAL. I am really grateful for the opportunity to address the questions you are raising in a new post to the main blog here.
Posted by: Karl-Friedrich Lenz on May 4, 2004 12:53 PM