Blog spam: This too shall pass

For years I researched and wrote about all sorts of schemes we'd use to win the spam war. Micropayments. Bonds. Digital certificates for mail servers and for people. They all sounded reasonable and they all still do, but while we were debating the options, spam went away. Well, OK, it didn't go away, but I stopped seeing the vast majority of it, thanks to the cumulative effect of filters applied to servers and, back when I used a fat mail client, there as well.

One definition of social software, Clay Shirky has said, is stuff that gets spammed. It was inevitable that what happened to email would also happen to blog comments and blog search. Tag systems are vulnerable too, as Clay pointed out.

A couple of years ago, I thought there was no way filters would be able to cut this ice, that we just didn't have the necessary pattern analysis chops. But now I think I was wrong about that. I've been monitoring the arms race between filters and email spammers for a couple of years now, and -- at least from my perspective -- the dikes are holding.

Whether to re-enter that arms race in the realm of blog comments is another question. From time to time, folks like Jerry Slezak notice that I've got comments turned off here and ask: Is a blog that doesn't allow comments really a blog? I suppose you could argue that Scripting News and ongoing and a bunch of others aren't really blogs, but I wouldn't. And while I probably could deploy filters and captchas and require folks to jump through hoops in order to write comments here, that doesn't conform to my notion of blog community.

I don't want to jump through hoops on your site in order to engage with it, and I don't want you to have to jump through hoops here in order to engage with me. Ownership of your own stuff, and federation by linking to other people's stuff, are the twin pillars of the blogosphere. When other people's stuff reaches out and touches my stuff -- as Jerry Slezak's recent comment about my flood screencast1 did -- I find out about it pretty quickly and pretty reliably. The system isn't perfect, but it's awfully good and I don't see why it can't keep improving as we we tune our pattern analysis and make better use of the implicit arms-length trust relationships that are the blogosphere's glue.

If spambots ever pass the Turing test we'll be hosed, but in that case, spam will be the least of our worries. Meanwhile I'm standing down from red alert.

1 Jerry, you're right, I should have used playback controls on that flood screencast. Normally I do, but that one was done in a rush and I skipped some steps in order to get it out in a timely fashion.

Former URL: