¶ In response to increasing amounts of comment spam, Simon Willison published a domain blacklist, hoping that others would do the same and so build a decentralised web of trust whereby other people’s recommendations help my system combat spam better. This was a great move, and other good folks have subsequently joined in.
One of the points Simon made when announcing his idea was that he would not merge other people’s lists with his own public list. By keeping individual’s contributions separate, we have decentralization at work and this important for maintaining the integrity of the blacklists.
If everyone’s public blacklists were automatically created from everyone else’s blacklists, then rogue entries (non-evil domains) could very rapidly propagate across the whole web of trust and, until everyone fixed their list, the situation would keep reoccurring. Whereas if everyone merged a master list privately and published only their own contributions, a rogue entry could not spread from list to list, and it would be easier to identify and unsubscribe from the culprit.
Update: Jay Allen reminded me that I’ve yet to provide a clue as to what to do with a blacklist once you have one. Well, if you’re a Moveable Type user you should, of course use Jay’s MT-Blacklist plugin. Otherwise, if you use a home brewed CMS then I could provide a quick tutorial of how to do it in PHP. Blogger users – I don’t know, sorry.
Comments
1
Rich,
this problem seems to have exploded recently, partly because if you’re running MT (as a lot of bloggers are) then the spammers know exactly what field names to use in an automated attack. The other reason is probably the increasing effectiveness of email spam-blocking, forcing the problem elsewhere.
I’m currently trying to install MT-Blacklist, but I’m waiting on my ISP installing a required Perl module…
2
My blacklist has really started to pay off now. I’ve set it up to email me when it blocks a comment, and I’ve had quite a few come in via email that were stopped by the banning system. I’m alsot getting quite a bit less comment spam attempts, which could be because the manual spammers are reading the “don’t spam me, you’ll get deleted and blacklisted” notice on my comment form.
3
Hi Rich,
I’ve just added my own anti-spam system to my blog, so I’ll be building a blacklist as well. Feel free to grab it:
http://www.1976design.com/blog/blacklist.txt
Cheers – Dunstan
p.s. nice feature turning underscores into italics on this comments system!
4
I am just put together a similar plugin for IP blacklists kept by MovableType:
http://www.shaftek.org/blog/archives/000242.html
Add your comment
Comments are now closed on this post. If you have more to say please contact me directly.