Spam-related, part 2

A while ago I wrote about spam filtering in MovableType. It turns out that the blog spamming bots are a bit more advanced than I expected. A simple hidden field (even with an html encoded value) didn't cut it – apparently the bots have gotten to the point of actually parsing the HTML, at least to some extent. I still believe they're hacky at best, so throwing in some SGML anomalities will probably curb them. Too bad browsers are hacky too – it's going to be another balancing run to do something that browsers will interpret correctly and spambots will be mislead.
Until I have the time to manipulate my blog templates again, I installed MT-Blacklist which seems to be quite a good temporary solution.
To change the subject to email spam, CodeProject's recent article called Avoiding spam-bots is a good example of fixing problems the wrong way. It's got exactly the same idea as I described below: Try to store data in a form that's unreachable for spambots, but that can still be useful for the normal user (browser or the human). In the example, Javascript-based encoding is used.
It hurts to read the comments: Most readers applaud the solution, but apparently without understanding the implications of requiring JS in the first place. Oh well, it's going to bite them – or their possible customers – at some point. At least they weren't talking about embedding the email address into an custom generated image.
Still, I agree spambots are an issue. Personally, I've stopped caring. I just publish my email address freely and focus the effort on filtering the spam at my mail client. So far, the combination of SpamAssassin and Thunderbird is working remarkably well. It takes me a few seconds every day to wipe the couple of spam messages getting through, but it's better than requiring everybody wanting to contact me to either have JS or manually fix my email address. Btw, the filtering ratio is at 95-97% currently, so I'm pretty happy.

September 11, 2004 В· Jouni Heikniemi В· One Comment
Posted in: Web

One Response

  1. Christina - April 19, 2017

    Hmm#3m82&0; I think my blog is public, is it? or isn't it? So you can still follow and read my post, can you? can't you? Can you read it with Google Reader?Oh, now I'm so worried!!

Leave a Reply