robinadr

Tagged spam

A lovely spam email

How do people still fall for these obvious phishing attempts?

I count a few spelling mistakes, many grammar mistakes including improper capitalization, “value customer,” and so on, plus the URL itself is secureupdate-welsfargo.us.pn

Not to mention, I’ve never had a Wells Fargo account in my entire life.

Near the end of April, I installed the Anti-spam plugin, which added an automated JavaScript-based verification system. The effects have been drastic:

The effects of Anti-spam

This graph shows the amount of spam that has been reaching Akismet: absolutely none. At the same time, legitimate comments have been making it through, so the system seems to be working as expected. I highly recommend this approach to combating comment spam, at least until spammers find a way around it.

I disabled Bad Behavior a while back because I discovered that it didn’t play well with my caching plugin.1 Since then I’ve only been running Akismet, which has been working great. Unfortunately, the problem is that while Akismet filters through spam that get submitted, it doesn’t actually stop spam bots from submitting in the first place, which is what Bad Behavior did. This is important because part of what NearlyFreeSpeech bills is resource usage.

I found a plugin called Anti-spam that works as a “hidden captcha” of sorts. Working on the assumption that spam bots don’t execute JavaScript, it adds an extra field to the comment form. This field is invisible if you have JavaScript enabled, and if you don’t, it asks you a human-answerable question.

The effects have been pretty great. Normally I wake up to around 100-150 spam comments waiting for me, but this morning I found a grand total of… 0. It also let a legitimate comment through in the meantime, no problem.

Whether you get charged for resource usage or not, I would highly recommend installing Anti-spam or a similar plugin. Just the simple defense of not letting spam comments through in the first place take a great load off of the server, since otherwise it would have to process and screen every single one. Ideally, I would run Bad Behavior in combination with Anti-spam, if it worked with my caching setup.


  1. The IP of whoever visited when the cache was being generated would end up hard coded in the <head> of the document, which resulted in people with various IPs who visited having the original visitor’s IP in the Bad Behavior check. 

Although I’m about 13 hours late, Pacific time, I’ve turned off all spam filters, including Akismet and Bad Behavior, in an attempt to see just how much spam filtering plugins help. I’ve also disabled DoFollow, for obvious reasons.

There’s more information on the announcement post on the blog that started this day, justaddwater.dk.

Brace for impact, people.

As stumbled upon through the Akismet blog, Jesper Rønn-Jensen is planning to completely disable his spam filters on December 15. While that may sound a bit crazy, it’s an interesting experiment to see just how much time tools such as Akismet saves you every day.

So, on December 15, which is thankfully a Saturday, I’ll be turning off all spam filters on my blog, namely Akismet and Bad Behavior. As the article also suggests, I’ll also be disabling DoFollow so Google won’t get confused. I guess I’ll prepare by adding my spam queue to my bookmarks bar.

Anyone else?