On decentralized blacklists

§ Blogging

In response to increasing amounts of comment spam, Simon Willison published a domain blacklist, hoping that others would do the same and so build a decentralised web of trust whereby other people’s recommendations help my system combat spam better. This was a great move, and other good folks have subsequently joined in.

One of the points Simon made when announcing his idea was that he would not merge other people’s lists with his own public list. By keeping individual’s contributions separate, we have decentralization at work and this important for maintaining the integrity of the blacklists.

If everyone’s public blacklists were automatically created from everyone else’s blacklists, then rogue entries (non-evil domains) could very rapidly propagate across the whole web of trust and, until everyone fixed their list, the situation would keep reoccurring. Whereas if everyone merged a master list privately and published only their own contributions, a rogue entry could not spread from list to list, and it would be easier to identify and unsubscribe from the culprit.

Update: Jay Allen reminded me that I’ve yet to provide a clue as to what to do with a blacklist once you have one. Well, if you’re a Moveable Type user you should, of course use Jay’s MT-Blacklist plugin. Otherwise, if you use a home brewed CMS then I could provide a quick tutorial of how to do it in PHP. Blogger users – I don’t know, sorry.