Proper disclosure, or how not to be a comment spammer
Shortly after I wrote my first ipsCA entry, I got a comment on the entry recommending a specific other SSL vendor. At first this didn't strike me as unusual; it was the kind of helpful note that might be left by one of my readers (or just someone who saw my blog entry on Planet Sysadmin). But I have a hair trigger with spam, one that not infrequently makes me unreasonably suspicious, so I ran the poster's IP address through a reverse DNS lookup just to make myself feel better.
Since I'm writing an entry about it, you can probably guess what the result was. Let's just say that the IP address in question was intimately associated with the SSL vendor that was being recommended (although this was not immediately obvious, since it was in the overall corporate domain instead of the vendor's SSL site).
I doubt that this is actual, intentional comment spam (for a start, I suspect that anyone underhanded enough to do this intentionally is smart enough to do it in a less traceable manner). Instead, I imagine that it was simply a well-intentioned employee of the SSL vendor wanting to share some good news. However, the net effect was extremely bad; by not disclosing their affiliation, the commentator turned their good intentions into comment spam.
(And they caused all of the consequences that usually ensue. For example, I am going to do my level best to insure that we don't buy our eventual SSL certificates from that vendor.)
So here is a message to all vendors, and to everyone who works for them: proper disclosure is not optional. There is no surer way to throw away any possible goodwill you might have and give yourself an indelible and unpleasant reputation than to act like a covert marketer. People these days are more and more sensitive to things that look like marketing, 'astroturfing', and outright spam (and the lines between them are awfully thin), and they react very badly; you become a untrustable, slimy liar on the spot. And you will get caught sooner or later.
(Perhaps you think that you can't disclose your affiliation without your comment looking bad. Well, you know, if you can't disclose your affiliation without having your comment look like anything but a marketing message, perhaps you ought not to leave it, good intentions or not.)
(This is one of those entries that I shouldn't have to write but apparently I do.)