2010-06-30
An update on comment spammer behavior here on WanderingThoughts
I last wrote about comment spammer behavior (plus) and my comment spam precautions back in 2007. Three years is almost an eternity in Internet time, so I figure it's about time for an update on the comment spam situation here.
These days, by far my single most effective anti-comment-spam precaution is my invisible honeypot text field. Comment spam robots appear to be utterly robotic about filling in any text field they can see, or at least any text field that appears to be called 'name'. I suspect that the spam robots are programmed to look for the name partly because many of the field contents that I see are either vaguely plausible names or at least short things like 'xzhmrgvpx'.
(At other times, the field gets stuffed with things like 'Buy percocet' and other short sentences.)
Some comment spam robots are smart enough to get past having to preview comments before they can be posted. I suspect that they are not doing anything smarter than noticing that the new page they got in reply to their POST still has a familiar form and re-doing another POST (possibly after re-stuffing some of the field values; interestingly, the one thing that they don't seem to do is re-stuff my honeypot field). The spam robots that I see here don't seem to try this more than once.
(I assume that this means that a decent number of blogs now need this sort of repeated posting attempts.)
None of these comment spam precautions save me from actual humans (which I get every so often) or would help me against a spam robot that was specifically programmed to deal with WanderingThoughts. Thus, at the meta-level my two most effective precautions continue to be not running common software and not being popular enough to make it worth anyone's time to program something for me specifically.
2010-06-06
The quiet death of postmaster@anywhere
I like following RFCs, by and large, and I like being a good Internet neighbour, and I have been behind one or another postmaster@ address for a very long time. But I have to face reality and admit something; regardless of what the RFCs say, the postmaster address is dead and has been for years, and basically no one would notice if we quietly turned off ours.
It would be one thing if postmaster addresses didn't get any email at all, but of course this isn't the case. Postmaster addresses may not get email from people any more, but they get plenty of spam and a decent amount of bounce messages. The people behind postmaster addresses have been noticing this for years, so for years more and more of them have been going dark; either there's no postmaster address at all, or email to it is never seen by a human (at least in practice). Of course this compounds upon itself; as more and more postmaster addresses have been turned into the equivalent of /dev/null, fewer and fewer people email any postmaster address any more so the spam piles higher and higher.
(One of the problems with any address that gets a large pile of spam and very little real email is that it's easy to miss the rare exception, ie the real mail. Humans very quickly come to expect the routine case and automatically assume it, and when the real case is spam you start deleting mail on reflex without really looking at it. When a real person emails you, it's easy to not actually notice.)
This may be different for large or popular domains, but it's certainly the truth here; I think it's been years since our postmaster alias got anything but spam or bounces. And these days I'd have to be pretty desperate before I bothered to email a postmaster address somewhere else (and I wouldn't really expect any results). So the reality is that postmaster addresses are dead and have been for years, however sad I find it that another bit of the old Internet has quietly come to an end.
(Despite having said this, we're not likely to turn off our postmaster address any time soon because right now, the spam filtering on it keeps the noise almost entirely away. But if that ever changed, I suspect that our postmaster alias might get axed fairly fast.)