In the previous post we looked at what blog comment spam is. We defined three different types and looked at three different sources. But now we want to know, “How do we fight back?” Comments are a valuable part of blogging and the social web. They are vital for building community. But it takes time to moderate comments. What ways can help us handle the load?
Some bloggers have given up the fight. They shut comments off completely and the blog becomes a one-way rant rather than a conversation. I find this very frustrating. It cuts out an important part of the blog experience and doesn’t help the community. There are no conversations, no backlinks, no accountability. This is appropriate for a corporate information site, but not for a blog.
Others have given up the fight by going in the opposite direction. They just auto approve everything. They get lots of spammy comments (and I’m sure that the spammers share this information) and let them sit in amongst the true conversation — kind of like weeds in a garden. This works well as long as you don’t mind the type of spam coming in. Some of it is actually quite creative and even fits into your blog.
But what happens when you start seeing the pornography comments? Or the “600 link” comments? What happens when your visitors see them?
Most of us have to live somewhere in the middle ground between these two extremes. But how do we handle it without going crazy? Well there are lots of techniques that are in use right now and you need to find a combination that works well for you.
I use mostly WordPress blogs, so this will lean more towards WP but most of these techniques should be available in other blog software.
WordPress allows you to set up some basic comment moderation. There are several settings:
- Require commenters sign up for your blog. I know that always turns me away from commenting on someone’s blog — I don’t have time to register and remember another userid/password. Check out Are You Chasing Your Blog Audience Away? for a well written post on this subject. Bottom line, don’t do this unless you’re building a forum.
- All comments are put into the moderation queue. This is the kind of work we’re trying to avoid, so lets see what else there is.
- Allow users who’ve already had approved comments on your blog to post without moderation. This will cut down on the amount of work required if you have a lot of repeat commenters. But keep in mind that spammers know this and will often put in 1 or 2 good comments to get past this and then start spamming.
- Allow all comments. Believe it or not, this is the route that use on my blogs although I have some plugins that help identify spam.
There is also a section of comment filters that is applied to every incoming comment regardless of the settings described above. This allow you to set up general filters that look for certain keywords or multiple links.
I’ve left these alone as the plugins that I use will do a better job of catching these types of spam comments.
Finally, there is the avatar. If you’re not familiar with this concept, I’d suggest that you check out Gravatar, the de facto standard for avatar handling on the web at this point. It allows users to have a profile picture that follows them around the web. Set it up once and it is there for any site that allows them to be used. This functionality is built into WordPress and most other CMS and blog systems.
The advantage to having Gravatar enabled on your site is that spammers rarely have one. They are based on email addresses and spambots use throwaway addresses. This will be a big help when moderating the comments that get into the queue (or even those that get through). Keep in mind that the absence of a Gravatar is not a spam indicator by itself — many legitimate users don’t use them yet leave thoughtful and useful comments.
Now that we’ve done what we can do with WordPress out of the box, we can now start to tinker. If you go to the Install Plugins page and enter the keyword spam you’ll be presented with a list of plugins that deal with spam related issues. The current list shows 19 entries. Some of them are older plugins that are no longer supported (or needed). There is even one that let’s you turn off the colour coding for spam entries so they don’t clash with the admin theme colours.
But of the rest, there are 2 major classes of plugins — those that try to prevent or slow down spammers and those that try to determine which comments are spam after the fact.
These plugins use different techniques to ensure that the comment is coming from a live person rather than a spambot. They’re usually pretty effective and use techniques such as Captcha’s or mathematical questions that are hard (but not impossible) for a spambot to crack.
They work pretty well at keeping out most of the spam, but they may also keep out a lot of legitimate comments. I know that I hate them and I doubt that I’m alone. They make for an extra step to leave a comment. And no matter how politely they are presented, the implication is that you don’t trust me. For this reason alone, I don’t plan on using this type of plugin to combat spam.
Detection is the other route. These plugins will scan comments that come in, looking for various characteristics that indicate spam. The best of them use databases to compare comments against. Over time they become more accurate. They will detect potential spam comments and either delete them or put them into the moderation queue for you to check.
I like this route. It allows most legitimate comments to come through without any intervention or extra steps on the commenter’s part. The comments show up immediately. And any questionable comments will end up in the moderator’s queue where you get to decide.
My favourite plugin for spam detection is Akismet, which comes built in to WordPress. You’ll need to get a free API key to allow the plugin access to the database, but that’s all. The API key works for multiple sites and there are Akismet plugins for other CMS products (for example, I have a Drupal site with Akismet enabled).
What does the future hold? Well, if the past is any indication, spam will continue to be a problem for bloggers. As long as it gives them a benefit (i.e. traffic and/or backlinks) that outweighs the costs they will continue to find ways to put comments in our blogs. Hopefully platforms like WordPress will be able to introduce tools to reduce spambots. I’m hoping to see a mod that will use nonces to bounce the bots. I don’t know if it would work 100% and there are some other issues with it. But it may be one way to make things harder for them.
In the mean time, we have to continue to be vigilant in our fight against spam. We need to look at our strategy to keep spam out of our blogs while encouraging good communities. It isn’t an easy task, but I believe that it is worth it.
The Next Phase — Moderating
We will have some comments in our moderator queue that the filters and plugins weren’t sure about. There may be some comments that went live when they shouldn’t have. And worst of all, there may be some false positives that were flagged as spam. In the next article will discuss how to handle this.