« Ayaan returns | Main | Hi-tech, low-tech »



As has been discussed in the past, the goal of weblog spammers (currently, at least) is not necessarily to get blog visitors to click through on the links they submit, but rather to get search engines to count those link towards their link ranking scores. This makes the identification of user-submitted comment essential.

Recently, we’ve reached out to other blog tool vendors to try to coordinate information about comment spam techniques and behaviors. As part of these efforts, we’ve also begun to talk to search companies about enriching linking semantics to better indicate visitor-submitted content (like comments or TrackBacks).

The search team at Google approached us with the idea of flagging hyperlinks with a rel="nofollow" link attribute in order to alert their search spider that a particular link shouldn’t be factored into their PageRank calculations. The Yahoo and MSN search teams have also indicated they’d support this new spec, and we’ll be implementing and deploying this specification as quickly as possible across all of our platforms around the world.

And I hear that Blogger, WordPress, Flickr, Buzznet, blojsom, and Blosxom will also implement this feature.

It's still not as good as leaving me alone for five minutes with an unconscious comment spammer, a rubber glove and the fruits of my pepper plant, but it's a start.

(Hat tip: Pete Ashton)

Update: Via Brad DeLong, Chuq Van Rospach is pessimistic:

Problem 1: this only works if people upgrade their systems and use the new feature. That's not a problem at TypePad where the upgrade is managed by the company -- but if you look at the history of security upgrades in the general user community, it's not pretty. Just look at how well we've solved the zombied PC problem (heck, look at MY blog, where I'd expected to upgrade months ago -- and I DO upgrade stuff). The internet is littered iwth "install and forget" installations that never get upgraded, never get patched. So I'm immediately skeptical that we're going to get critical mass of usage to cause the spammers to decide it's not worth it any more and go annoy someone else's technology.

Problem 2: what's it cost them to comment spam? If you make the assumption that this is attempting to make comment spam uneconomical (monetarily or simply "not worth their time") -- look how successful that's been in the e-mail spam world? the costs are likely smaller for comment spam, because you don't have the high traffic volume on the network email spam has for the spammer -- yet even if 60% or 70% or 80% or more of the spam is blocked, you don't see spammers giving up, and I haven't noticed that spammers (or worm writers) giving up on domains that are good at blocking spam or protecting PCs from being infected. The open relays and unprotected servers and spam that does get through is what they care about, so they hammer away at everyone, because there's no reason not to.

So I guess based on what we see elsewhere, my worry is that we'll implement this, and we'll still get hammered, even if the comment spam that does get through is useless to them, because they don't care. The smart spammers will likely teach their tools to look for the flag and go elsewhere and not waste their time -- but if the "install and forget" mentality exists in OS installs and blog software installs, it exists as well with spammers who download the scripts and use them without understanding them or really knowing what they do, too. So those script kiddie spammers will likely hang around no matter what....


This page contains a single entry from the blog posted on January 19, 2005 11:44 AM.

The previous post in this blog was Ayaan returns.

The next post in this blog is Hi-tech, low-tech.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.34