Comment Spam #2

closePlease note: This post was published over a year ago, so please be aware that its content may not be quite so accurate anymore. Also, the format of the site has changed since it was published, so please excuse any formatting issues.

In response to the comments/suggestions made by Will and Kris on yesterday’s post:

The thing I don’t like about the CAPTCHA technique is that it’s impossible to have a good balance between form and function. That is to say, if it works at peak efficiency, then it’s an accessibility nightmare. If it works at peak efficiency for accessibility, then it’s basically useless at thwarting spam.

I also don’t want to make a rule that you can only include one link per post, because sometimes it’s entirely appropriate to post several links. Granted, it’s rare that anyone who isn’t a spammer would need to do that, but you never know.

A great real-world example is on the blog of a friend. In a recent post, she and I were at odds about something, and I was trying to make a point by linking to five different pages that I felt helped support my view. The commenting system that she uses (HaloScan) only allows three links per post (it did politely tell me that I had tripped the spam filter), which meant I had to post two separate comments.

Another method, which wasn’t suggested, is to allow only registered users to post comments. If your blog is hosted at Blogger and you use their built-in commenting system (as I know several of you do), then you have the option to disallow anonymous comments, thereby reducing the amount of comment spam you receive (which runs rampant on Blogger). Again, I am averse to such a system because of the impact it would have on “casual” users. I’ve had the Gravatar option in place for… Um… A while now (how long has it been?), and how many of my users actually have them? Including me, I think it’s about three. Maybe two. How many people do you think would sign up just to be allowed to post a comment?

In all three cases, it becomes a usability issue, insofar as it’s an added layer of bullshit that users have to sift through in order to post a comment, which may lead some users to decide that it isn’t worth the effort (no matter how little effort that is). Although I must admit, requiring users to put some thought into their comments in order to make them “worth it” is probably not a bad thing.

Really what it boils down to is user experience. Do I want a site that’s pleasant and easy to use (no digs about the current state of the site’s pleasantness or pleasantlessness, please), or do I want a site that suspects every user of being a spammer? Do I want a utopian site, or an Orwellian one?

Because my previous paragraph reminded me of it, I’ll wrap this up with the Morning Litany for a Web Server Administrator (an oldie, but a goodie).

“All data is fraudulent.

All communications are attempted hacks.

All clients are thieves.

Technology is only my first line of defense.”

0 People like this. Be the first!


  1. I usually check blogs/friend’s websites in the morning, I must have caught your post early.

    Seems to me that the question is how badly you wish to cut down the spam. I like the captcha routine on my site but I am not really concerned with any traffic impacts. I use my site mostly as a clearing house for my head and to bitch once in awhile. I allow comments but really don’t expect any.

    What are you hitting now with Allopod? 400-500 download per episode? It looks like people care about your content and I don’t think a captcha would reduce that any. You can always try for a couple of weeks and see what happens.

    On some of the phpBB’s I support I still have problems with people that are hired specifically to seek out forums and blogs and post comments. It’s the downside to social networking I guess.


  2. And it all comes right back to that. All the CAPTCHAs, limitations, and required registrations in the world won’t stop someone from spamming you if they’re really determined.

    Since it’s a nascent problem for my site, I’ll have to look into my options and determine what I feel to be the best. Perhaps a combination of the suggestions is the way to go. For example, casual users/guests can only post one link, while frequent/registered users can post as many links as they’d like.

  3. I don’t know what you’re using to blog, but if it’s WordPress, you could try WP-Gatekeeper as an accessible CAPTCHA solution. Or you could implement your own version, if you aren’t on WP.

  4. I use MovableType, which I’ve always really liked (Kris can attest to all of the fun, non-standard stuff I do with MT).

    According to the MT website, v3.22+ have a built-in spam filter. Good thing I’m running v3.17. D’oh!

    I’m moving the site to a new server soon (probably in early November, after I’m back from Hawaii and all settled in again). When I move the site, I’ll update MT as well.

    Unfortunately, we won’t be seeing a new layout for a while. I’d give everyone a preview, but I don’t even really have a comp done yet. Then again, show me a web designer who has time to work on her personal website and I’ll show you someone who’s unemployed.

Leave a Reply