spam Archive

Over the first two weeks of this new year, I’ve noticed more malicious advertising than last year. Online advertising network optimizer Rubicon Project has announced the launch of a new security service named Rubicon Security that aims to reduce the number of malicious ads across the Web.

Rubicon receives data from ClickFacts regarding malicious ads and then processes the information against ads being served through their network to help lessen the possibilty that a malicious ad will ever be seen by a consumer.

From the announcement, “ClickFacts Ad Network and Publisher Management Suite enables Rubicon Security to automatically scan all ad tags, advertising creatives and publisher pages for content and malware before delivering advertisements, allowing publishers to manage the high volume of ad tags on any given page while dramatically reducing the potential of malicious attacks. Additionally, Rubicon Security continues to monitor the ad tags once they are served to ensure malware doesn’t attack the campaign.”

When malicious ads are served, they can damage not only a user’s computer but also the reputation of the website or brand. Also, by removing the malicious ads, Rubicon can serve legit ads which are more likely to be better paying as well.

The Rubicon Security service only works for publishers within the Rubicon network. Also of note, Rubicon is now describing their company as, “the Internet advertising infrastructure company.”

We initially reviewed spam prevention service Mollom back in April and I noted that it gave me back an hour a day because I didn’t need to spend as much time picking out the good comments in the thousands of spams we get a day. I worked with the Mollom team of Dries and Benjamin over the summer to get the plugin working correctly on CN. There were tweaks on both sides that needed to be implemented because of our cloud computing setup.

Since the kinks were resolved, Mollom has worked really well. It seems at this point that only Svetlana has issues posting comments from Russia – no matter what I’ve tried, I can’t get them to come through! Mollom has been working as well on CN with our Drupal setup as Akismet works on our WordPress-based blogs.

Mollom has made three big announcements over the past week: leaving the beta period, hit 10 million blocked spams and their pricing model.

The pricing model is listed on the Mollom site and there are free and paid options. The differences are simple. The free account is limited to 100 blocked spams a day and there’s no uptime guarantee. The paid plan is $30/month 30 Euros/month and blocks up to 10,000 spams a day and has a more robust environment and support policy.

I don’t see many WordPress users switching from Akismet to Mollom. I do imagine that with the right marketing plan, Mollom could do very well for a variety of CMS and blog platforms that don’t already incorporate a spam protection tool. Once the base is strong, then go after the platforms that have built-in spam protection tools.

We are going to remain on as a tester for Mollom going forward to provide feedback and a testing platform as they improve the service. My hope is that they will create hooks into other Drupal features like trackbacks – I sure would love to turn those back on sometime!

Update: Andrew has a good spam prevention comparison from earlier this year.

Ten days ago we posted a review of the new Mollom spam protection system. What I learned over the next few days is that every comment/tech directory listing that a CN reader attempted to post was hit with a message suggesting that the comments or tech directory listing might be spam.

I posted a message on the Mollom support forum along with the Drupal support forum.  Thursday I decided to attempt to email the Mollom founders, explain the situation and tell them that if we can’t get this fixed, I will need to remove Mollom as my readers are mad!

After a brief email exchange with founders Benjamin Schrauwen and Dries Buytaert, they were able to get the problem fixed. Apparently there was a bug that caused some sites (i.e. ours) to force all comments to show as "unsure". The "unsure" flag forces the CAPTCHA validation.

In summary, the issue has been resolved and you should now be able to comment quickly and easily. Big thanks to Dries and Benjamin for immediately resolving the issue and thank you for your patience!

On a related topic, you can now subscribe when you post a comment. Check the subscribe box and you will receive an email when someone replies. It’s a great way to keep the conversation going!

Here on CenterNetworks, we use the Drupal content management system and have tried a variety of spam blocking applications. Earlier this month on HTMLCenter, I explained how I believe spammers are able to attack posts we create within 1 second of posting. I’ve tried the basic spam plugin which was barely effective, Akismet which I believe is the most popular spam protection service and now we are using Mollom.

On our WordPress blogs, Akismet is awesome and blocks nearly all the comment spam that comes in. For some reason with Drupal, it seemed to let through a good bit of spam both in comments and in the Web Directory.

Last weekend I installed the new Mollom spam prevention service. Mollom was founded by Dries Buytaert who also founded the Drupal project. Perhaps that’s why the first Mollom plugin is for Drupal. Installation went very smoothly and I was up and running in minutes. The plugin provides a chart showing the number of spam messages destroyed by Mollom.

Mollom works differently than Akismet and also different than CAPTCHA verification. CAPTCHA verification forces each user to enter a code to let the system know they are human. I found adding this forced verification reduced the number of comments on CN – you want to make it as easy as possible for people to interact.

At a basic level, Akismet looks at each comment, compares it to their list of spam and if it’s deemed to be spam, it goes into a folder which you then have to check (or set to delete). I found that while Akismet caught the majority of the spam, going through the pages of spam looking for the few legitimate comments was taking nearly an hour a day.

Mollom works differently. When you post a comment on CN, Mollom scans the comment and if Mollom thinks it might be spam, it sends you to the CAPTCHA page. So while a few real comments might get sent to the CAPTCHA page, the majority go through without ever knowing Mollom is active. Here’s where Mollom gets bonus points. By sending the potential spams to the CAPTCHA page, I never see them and they aren’t in a spam folder – they just don’t make it. Hello one hour at the gym! So far, one spam comment made it to the live page – but it appears that comment was from a human.

Mollom works on the same pricing model as Akismet – free for most, pay for the largest sites and those that need customizations.

I’d like to see Dries add the ability to customize the message that a reader sees when Mollom thinks the comment might be spam. Right now the message suggests that the message might be spam and frankly if it isn’t sure, just ask the reader to enter the code, no reason is frankly needed. No reason to potentially piss off a reader.

There’s only one part of CenterNetworks that Mollom does not currently protect — trackbacks. If Mollom could remove the 8,000-10,000 trackback spams we get a day, I could easily turn them back on the site. Currently I have to manually look through each batch of 500 at a time to find the one valid one in between the 499 spams. It is just out of control.

Both Akismet and Mollom are some of the best spam protection services out there and while some bash when they miss, just think about if they weren’t around. I will report back after a longer period of time with more stats.

We all receive a ton of spam emails a day. Some days for me are over 5,000. Lately, CN has received a ton of spam feedback inquiries. I can't just mass delete them because it could be something important, like a note from one of my readers or from a potential advertiser. I have become good at deciding if its delete or keep within milliseconds.

And as I was going through a mass batch today, I noticed one that caught my eye. The email is pasted below. What's interesting is that this format is common with the spammers. Paste the url then attempt to use the common forum/bb format to try to get the active link into something.

What's different about this one than the other 25 in this mass batch? The first link. It's to a link on Digg. When clicking the link, you go to the Digg story page. As of now, "Bustan's" submission has 1 digg. Not sure if it's been buried but this is the first time I have seen a Digg url link within one of these spam emails. Have you seen this before? Post your thoughts in the comments.

Yes, there is a ton of spam on Digg in the upcoming. I believe what happens today is that if you have a power digger submit your story or if you have a top web site, then you have the best chance of making the home page. But without one (or both) of those options, the spammers will push your story out so quickly that it may never be found. Could this hurt the ability for Digg to continue to grow? Will Digg become basically a network of "editors" who are the power diggers deciding what goes up front? It already feels like that a bit today, what happens when the spammers put forth a full attack on Digg? Can Digg afford to have human spam removers?

When the Barack Obama web site wen't live, I decided to signup for his email notices. Not because I am or am not voting for him, but because I wanted to see how he handles the Web and this new interactive medium for politicians.

After the first 2-3 emails provided really zero in terms of substance, I decided to unsubscribe. Here is the confirmation I received on February 21, 2007:

BarackObama.com wrote:
You have been removed from BarackObama.com. If this is an error and you do not want to be removed from this email list, please resubscribe at http://ga3.org/barackobama/home.html.

About 5 days later, I received another email but decided to let it go. Today, I received another one a full two weeks after my unsubscribe confirmation. Here is a snippet of the email I have received:

Barack Obama wrote:
> Obama 08
>
> Dear allen,
>
> Become a first time donor.The special-interest industry in Washington has only grown since the last election, and it will spend more money than ever this time to try to own our political process and dictate our policies in Washington.
>
> We're not going to play that game. We're not taking any contributions from Washington lobbyists or political action committees.
>
> We're going to transform the political process by bringing together hundreds of thousands of ordinary Americans to build a campaign responsible to no one but the people — people like you.
>
> So here's something different. Right now someone is waiting to match your first online donation to our campaign, doubling your impact. If you make your first online donation now, you'll be able to read a note from the person who matched your amount, and you'll be able to write to them about why you gave.
>
> Thousands of people who've already donated to the campaign have committed to give again — but only if someone like you decides to make their first online donation. > Will your make your donation now?
> http://action.barackobama.com/match 

Besides the fact that (I believe) the emails were not supposed to be all donation emails, they have been.

So Barack, I am disappointed that you have not removed my email address from your list. While I know you probably outsource this, it is disappointing that my first interactions with you and your campaign are spam-like.

I had my car washed this week at an automatic car wash. I love when the lights come on as the car goes through so you really know you are getting the hot wax. While waiting for them to clean my 20s, I noticed a computer they had on a desk near the other air fresheners.

Wow, if I give them my email, they will give me 50% off a car wash. Considering the best wash is $35, this is a great savings. So I started to type into the box. Then I noticed something. They are collecting the emails via Microsoft Excel. Not only that, but the entire list was accessible for me. About 500 email addresses it said this week. From what I could tell, getting these names onto my keychain USB drive would have taken maybe 15 seconds.

Check my pics below (sorry for quality from cell) to see the screens.