Recently a friend commented that she had been getting a surprising number of comments on her blog – every day she was receiving multiple comments and compliments on what she thought was a fairly obscure blog post. “They’re not spam,” she said, “they’re just people saying they enjoyed reading the post.”
Being of a suspicious nature when it come to matters of the web, I decided to take a look. Unfortunately, deserving of compliments though her blog posts are, I quickly identified that the vast majority of her apparent fan mail was, in fact, spam. Now this friend is not a fool, and if she can be caught out by the spammers, many others can too. Some of the tricks they use are easy to miss for the unaware, but very easy to spot if you know what to look for.
So, I thought this topic was worthy of a blog post. I’ll cover first how to stop most of the spam getting through in the first place, and then how to recognise the ones that have slipped through.
Filtering Out the Spam in the First Place
Install and Activate Anti-Spam Measures
If your blogging platform has an anti-spam filter available (and it should), ensure that this is activated. For WordPress, the anti-spam plugin Akismet comes with the standard setup. For blogs on wordpress.com, this is activated by default. For self-hosted blogs, you will need to get an Akismet key and activate the plugin. This only takes a couple of minutes.
Akismet itself is extremely effective at filtering out the spam, but I tend to install a second plugin as well. Bad Behavior is another handy WordPress plugin that blocks the robots from delivering the spam in the first place.
With these two measures in place, I rarely see a spam comment; they all get filtered straight into my spam folder.
Require comments to be moderated
Set up your discussion settings so that comments have to be moderated before they appear. WordPress gives you the option to require an administrator to approve all comments, or to require moderation for a comment author’s first comment only. Make sure at least one of those is enabled. Some spammers will start with an apparently innocuous first comment to get approved, and then start hitting with the spam, so be wary of the latter option.
Recognising the Spam that Does Get Through
While it may seem that a spam comment should be obvious as such, this is not always the case. Spammers are clever at making their comments look genuine, and they won’t always contain obvious references or links to Viagra or other common spam subjects.
Take this comment that arrived on my blog:
At first glance, this may appear to be a simple complimentary comment from someone with a real name, who has enjoyed reading your blog. A couple of things set off alarm bells for me though.
Content – is what the commenter says relevant specifically to your post?
It’s always nice to get compliments. But look at what ‘Lucy’ has actually written – does it say anything specific about my blog post? Or could this comment have been left on any blog?
If you’re not sure, here’s a tip – Google it. If it’s spam, there’s a good chance the exact same comment will be left on lots and lots of blogs. Here’s what I find when I copy and paste this comment into Google:
Okay – either ‘Lucy’ is a prolific reader with very eclectic tastes, or there’s a good chance she’s a robot. My bet is on the latter.
Note: Another variant that was doing the rounds a while back was to claim some kind of technical problem with the website – something like “Hi, I’m having trouble viewing your website in Opera browser. You really need to fix this, as I’d love to read your blog but can’t!” If you can’t win them over with compliments, plant the seeds of doubt in their minds – the average blogger probably won’t have Opera browser installed to check this themselves, and may assume that their web developer hasn’t tested something properly. (All my sites are tested in Opera, by the way!)
Most blog comment forms have a space to allow commenters to leave their website URL, if they have one. When their comment is published, their name will become a link to that website.
This is the spammers’ main target – they are trying to drive traffic to their website, and generate backlinks to improve their search engine rankings (this won’t work, by the way – Google frowns on this practice, and they are much more likely to get their site blacklisted).
So, check out the URL they have left (don’t click on it, unless you’re fairly confident they’re legitimate, and you want to check it out). Note that ‘Lucy’ has left a website called www.loans4you-123.com. Now if you are writing a financial blog, this may be perfectly legitimate, as you may have a lot of readers who have business websites to do with loans, and linking back to their own website may make sense. But on my web design blog, that definitely screams link dumping to me.
Note, of course that you can always remove the website link and publish the comment anyway. If a comment is borderline, you can edit the comment, remove the website address, and approve the comment with no link. So if they are a spammer, they won’t gain any benefit from their comment being published. If the same person continues to interact with your blog posts with meaningful comments and you decide they are legitimate, you can always leave their website address on later comments.
One other flag, though I don’t think with as much weight as the previous two, is the email address they supply. Spammers will often use email addresses that look like they have been generated by a robot – usually strings of random numbers and letters. Lucy’s email address fits the pattern. However, some legitimate readers may also use disposable email addresses for commenting on blogs, as they want to protect their own email account from spam. So I personally wouldn’t judge a comment as spam solely on the email address, but when weighed in with the other factors, it can certainly help tip the balance.