Spammers continue their barrage of comment spam on my blog (currently over 100 a day) and Akismet continues to hand them their balls on a platter. I don’t understand why this isn’t a bigger story. Akismet should be getting a fucking ticker-tape parade. Everyone bemoans spam and all the problems it causes and wonders what the solution might be. Apparently the answer is Akismet. I don’t pretend to be an expert on the technology behind it but I’d love to know why it isn’t directly applicable to email.
Akismet has blocked over 7,500 comment spam in the last six months, the thought of having to delete all of those manually is horrifying to contemplate. It’s at least 99% effective – hardly any comment spam get through and there are very few false positives (meaning I have to recover genuine comments that were misidentified as spam). Although, here’s a warning: careful about putting links in comments, this is often a red flag for spam filters. And with the tsunami of comment spam I’m getting at the moment there’s a high risk I might miss any false positive thus losing the comment forever.
The stats on the Akismet site are scary – they’ve collectively blocked over 310 million spam and catch several hundred thousand more every day. By their estimation 93% of all comments are spam. This seems on par with many estimates for the proportion of spam email as well.
I have to admit, sometimes the spammers get creative – the comment is nothing but a flattering comment and the only link is in the message header. Some of these were so flattering I was tempted to leave them up. Actually, a message to the porn spammers: if your porn was any good I’d probably let the comments pushing them stay up. But the links don’t even go to real porn site, just these stupid link farms aimed at screwing advertising dollars out of various companies. Or at least I’ve heard their porn isn’t any good. I don’t spend all my time going through comments spam looking for good porn, who suggested that?
But I don’t have a significant problem with spam email either. Both my gmail and yahoo accounts have spam filters that are nearly 100% effective so I just have to check occasionally to make sure there are no false positives there instead of having to wade through mountains of spam to get to my real email.
So why does spam keep happening?
If there was any intelligence or direction behind the comment spam they surely would have given up on targeting WordPress blogs ages ago. This leads me to believe that most of it is coming from zombie nets. Foolish people without sufficient anti-virus protection whose hijacked computers are spewing out millions of spam without them realising it. I can’t help thinking that some people are just too stupid to be allowed to have a computer. Then again, I think that there are lots of people who are too stupid to be allowed to breathe. One day I’ll get my way.
I still advocate that those mega rich IT types should forget about solving world hunger and disease and instead donate a bit of their money to hiring hitmen to kill spammers. Not quietly and secretly either; video their executions and put it up on YouTube. Now that’s a video I’d pay to see! Actually, if you want some cathartic reading, try this article from Wired about the gruesome murder of a Russian spam king.
Microsoft are trumpeting their shiny new anti-virus and anti-spam weapons which, based on their track record, is probably bullshit but from what I’ve seen they’re going about it the wrong way anyhow. They’re obsessing over stopping spam and viruses from coming in – other people have that covered. Surely it would be easier for them to stop spam from being sent out?
The old-school spammers sent all the spam themselves but that’s the past. These days, they have idiots with unprotected PCs sending all the spam on their behalf. I would think that it isn’t rockets science to have an application on PCs that knows when email and/or applications are being sent out that can actually stop the process and alert the user. Something along the lines of stopping suspicious levels of activity and producing a pop-up saying “You’re sending out hundreds of messages which suggests your machine is being used to send spam. Do you want to stop sending these messages?”
Maybe make it more threatening for the really stupid users so they get the message. “You may be legally liable if you do not take the appropriate action,” or “We’re going to use your IP address to work out your physical location and send someone around to kick the crap out of you.”
Before anyone says violence isn’t the answer, hear me out. We haven’t used (enough) violence against spammers so far and spam keeps getting worse. It’s only fair and logical that we give extreme violence a chance and see if that works. I want to explore all the options.