On the origins of spam and how to defeat it

This post is about Spam. Spam is not a bird, but just like our feathered friends it comes in many shapes, colors and sizes. Spam is an invasive species designed for parasitic behavior, a very successful one if we’re to judge by its rate of reproduction. Spam is a creature of the cyber-world and therefore a relatively new species, with a range that covers the entire planet and beyond. Spam is a blogger’s nightmare. Hunting season is always open on spam.

But what exactly is “spam”? With a capital “S” and the “™” symbol, Spam™ is the brand name of a canned precooked pork-meat product, introduced by the Hormel Foods Corporation in 1937 and entrenched in popular culture through the decades since. Beyond that, hails go to British comedy troupe Monty Python for producing a very popular skit that features two customers in a café who try to order breakfast, only to discover that all dishes on the menu include Spam in one way or another. This episode, now considered a Monty Python classic, presented “spam” as a substance that cannot be avoided and spawned the present use of the word as it refers to undesirable E-mails and comments loaded with malicious content that appear on blogs and web-forums.

True to the Monty Python hyperbolic spirit, the skit even includes Vikings. It made me laugh but your mileage may vary.  Here’s the video:

I’ll make no comments about the real, Spam-in-a-can thing, but as far as Internet spam is concerned, it’s definitely non-edible and its invasive nature has none of that Monty Python charm. Spam will find any blog way ahead of its intended readers. It will also be quick to tarnish that blog with malicious content using the “Comments” section.

These “spam comments” sometimes look like senseless strings of characters or obvious barrages of advertising links, but they come disguised in many ways. Frequent incarnations are generic, bland comments such as “nice flow, great design, just the piece I needed to read, you did a wonderful job here”, with no real insight about your blog’s content. Hidden in those messages, often embedded in fake E-mail addresses and user names, are links to unwanted advertising, “link farms”, pornography, sites selling SEO “services”, counterfeit brands, shoes, drugs, scams… you name it. Spam is also widely used as part of more sinister strategies involving identity theft and internet fraud.

Cartoon displayed with special permission from http://www.glasbergen.com

A blog attacked by spam could be defended by disabling its “comments” features altogether, but that is hardly the best solution as it sacrifices the very exchange of ideas essential to Web publishing.  I’m currently using three counter-measures to keep comments enabled and fend off spam on my blog. These may be obvious tips for experienced WordPress users but can be useful for bloggers just starting out, like I did a couple of years ago. I’m not an expert, I only report what has (or hasn’t) worked for me.

The three counter-measures I use to allow comments while keeping RIDE INTO BIRDLAND free of spam are:

1. The way my blog is set-up, a reader who wishes to make a comment does not need to be a “registered user”. I value and appreciate readers’ interest and want to make it easy for them to share their thoughts on the subject at hand. Unfortunately, spammers can use this as a gateway to filter into my blog. So spam counter-measure #1 is to configure WordPress settings so that all new comments are sent to a folder labeled “Pending”, while a notice of the new comment is sent to me via E-mail. The reader will see his/her post under a line that reads “comment awaiting moderation”, but the comment will not be made public until I log in as Administrator and approve it. To make the blog more user-friendly for regular readers, I’ve also configured my settings so that further comments penned by previously approved commentators are published in real time, no further approval required (I still get an E-mail notice). Arguably, a human spammer could first post a “legitimate” comment and once it’s been approved attack the blog with spam, but that has yet to happen (and if it did I could still delete all posts by the spammer and block him/her for good).

2. Counter-measure #1 has basically stopped unknown parties from posting comments in my blog without prior approval. But now there’s another problem: much time is wasted inspecting every piece of spam that knocks on the door wearing the “I am a comment” disguise, only to end up in the “Pending Comments” folder. I need spam counter-measure #2: like millions of other bloggers, I use the Akismet plugin for WordPress to separate the main bulk of spam from the smaller group of potentially legitimate comments. Take a look at the Akismet real time counter and be amazed by the huge success this super-hero of anti-spammers has achieved so far all over the WWW. Akismet now comes by default with all WordPress instalations and can be used free of charge by all creators of  “non-business personal sites or blogs”. An API key is needed to activate it, also free for personal users (you can read more about it in the Akismet FAQs). I’ve learned to trust Akismet: anything it sends to spam cemetery really deserves to be there, so I can just hit the “Empty Spam” button and move on to other things. Like maybe reviewing any comments still labeled as “Pending”, which now have much better chances of being bona-fide contributions by actual readers.

Cartoon displayed with special permission from http://www.glasbergen.com

3- Countermeasures 1 and 2 have solved the “spam as comment” issue, but recently more spam has been trying to creep into my blog in the form of fake registered users. Registering does not allow users to post comments without my prior approval, so these wannabe spammers have little to gain as far as I can see. Still, it’s disappointing to be notified of new registered users only to learn they’re all spammers (and often even their registrations are loaded with spam). A useful resource to deal with this problem is the website Stop Forum Spam: enter an E-mail, user name or IP address into their search box and learn instantly whether your new “registered users” are actually spammers that must be deleted. It works like a charm, but checking every fake user is a time consuming operation with zero entertainment value. To filter fake users I have now activated spam counter-measure #3, by means of another free plugin called SABRE (“Simple Anti Bot Registration Engine”). It blocks malicious software trying to register fake users by implementing a “CAPTCHA” (you know, those illegible strings of distorted characters that humans and only humans can sometimes read, then type into a box). But SABRE is not just a CAPTCHA generator, it also checks the IP addresses of all new registered users, thus screening human spammers as well. I started using it a few weeks ago and all bogus “registered users” have vanished for now.

So there you have it, three countermeasures I’m using against spam, the villain of today’s story. Dramatists will quickly point out that every villain has redeeming qualities, but I struggle to find any in spam. This creature of the cyber-world puts tremendous loads on communication systems worldwide and on people using those systems. It can also be part of identity theft and fraud schemes. Not surprisingly there are laws against spam and, the internet being what it is, websites about those laws. I queried Google for “negative consequences of spam” and entertained myself with the list of over 870,000 references that came up. Try it if you’re curious, or have a look at this PDF of an academic-looking report by brainy Silicon-Valley people on the “Impact of Spam Exposure on User Engagement”, complete with fancy equations.

Spam will continue to evolve, as will the countermeasures devised against it. The resources I’ve mentioned here have enabled me to keep a lid on spam, and many other resources are available for people running WordPress sites. They can be found by going to the “Plugins” pane in the WordPress “dashboard”, clicking on “Add new” and typing the word “spam” in the search box. You’ll be rewarded with a list of hundreds of plugins that interact with spam, complete with links to the developers’ websites, more detailed information and user reviews. It’s also possible to go directly to the WordPress sea of 26,000 plugins, where one may discover (with enough time and patience) many ways to tweak a blog.

From this corner of the web my hat goes off to all programmers who create and update WordPress plugins. Their contributions enable independent bloggers like myself to deal with pesky issues such as spam. The time they help us save can be applied to the real task at hand: producing original content for publication in the World Wide Web.


SPECIAL THANKS to artist Randy Glasbergen for permission to use two of his funny, witty cartoons. Randy’s work can be licensed by contacting him at www.glasbergen.com. He also has a line of laughter-inducing items for sale at his shop on CafePress.com. Knowing how to make people laugh is a true gift and this gentleman’s got it!

DISCLAIMER: all registered brands and names that appear in this post are property of their respective owners. I have no association with them except as a member of the general public.


This entry was posted in Blogging and tagged , , , , . Bookmark the permalink.

2 Responses to On the origins of spam and how to defeat it

  1. Querido hijo: no cesas de asombrarme! Realmente estás en todo! Tu última incorporación al blog es divertida e instructiva y tu dominio del inglés es cada vez mejor. Te felicito. (Aclaro para el público en general: no es porque sea mi hijo).
    Tu mamá

    • Ja ja ja, Gracias madre, no sé si “el público en general” haya quedado muy convencido de tu imparcialidad, pero yo sé que tu comentario es sincero y me encanta tenerte como lectora recurrente. ¡Muchos besos! IGH

Leave a Reply

Your email address will not be published. Required fields are marked *