Content Blacklists to Prevent Spam
Ahhh... spam. I have to say that I am one of the few people that I know that loves to eat SPAM. Not counting, of course, Hawaii and all that come from there and share the same appreciation for the Twinkies of the meat world. Regretably, this post is not about that kind of spam. Instead, it's about internet spam which, in my opinion, really puts a negative spin on the word. Why couldn't they call it "grissle" or something that is truly gross, rather than "spam" which is a delicasy in some people's eyes. Semantics aside, the internet is flooded with it. Late last week I re-programmed our article comments mechanism since some people where having some issues with the Ajax interface.
To start with, I'll just say "lesson" learned for the Ajax thingy. In the months and months since the new site was developed, I have learned a lot more about JavaScript and Ajax, and I have a new philosophy. Make sure everything works great without JavaScript first, then come back through and introduce fancy Ajax stuff. That makes for a degradable solution that works like a charm. Either way, I removed the JavaScript from the article comments and have now been amazed at the amount of spam that comes in. Since the little automated robots that go around and post to forms couldn't submit Ajax forms, they were being filtered out quite effectively. There are, of course, many solutions to this using JavaScript. But how to you block spammers while also maintaining a degradable application?
My answer is going to be a content blacklist. We've all seen these in Blogs and in Forums, where the administrator can define a list of words that spammers commonly use. If any of those words are found in a submitted article comment (for example) the comment would be discarded and ignored. Not a bad idea, and for me that may be the answer. I have some temporary filters in place to stop the more immediate spammers, like the guy that slipped in about 50 of those each day this weekend, and will be implementing a blacklist soon. Hopefully that works.
If not, I'm going to have to go a step further and require that people submitting an article comment will need to enter the code that they see in the image on the screen. I would prefer not to go that far, but we may have to. In my estimation it will prevent some users, albeit a small amount of them, from submitting comments. Plus, I personally am annoyed by those things, even though they do not stop me from using them. I guess ideally we wouldn't have them, but if the blacklist doesn't get them all, the combination of an image code and the blacklist should be enough to keep us spam-free.
At which point I'll have a little extra free time in the afternoons to sit down and enjoy a heaping SPAM sandwich. Wouldn't life be good without Internet spam?
This post is filed under Developers' Corner and has the following keyword tags: spam, email, ajax, javascript.
