eet ees, ‘ow you say, spam

Sat Jan-27th-2007 // Filed under: Spam Patrol

And it keeps on coming in! The spam I get in my comments here is mostly not a problem at all, because Akismet essentially gets it all. Sometimes something slips through, but that’s so rare that I’m always a little surprised to see something actually ending up visible on the site — if Akismet doesn’t get it, chances are that the moderation filter does.

Spamming is all about brute force — you try to get as much volume as you can and simply saturate internet with your shit. You know perfectly well that there’s no way your average reader falls for it, but there’s always a percentage of suckers out there. That’s your target audience right there. And as people get smarter and filtering methods improve, all you can do is increase volume.

Of course, spammers also try to be sneaky and fool you into thinking that you’re getting real messages from real people. They try this in e-mail by trying to make their e-mails look like a real person is telling you to get a harder erection. This fails miserably, of course, because it’s obvious to even most morons that not only do they not know a “Caleb Cates”, but also that it’s very unlikely that Caleb there would suddenly decide to spout stock tips at them. It’s not how people communicate.

Blog comments, on the other hand, allow for some degree of stealth, because at least in theory, you can leave innocent-looking messages and just paste in a link in the right field, and hope that people click on that link out of curiosity. Especially if you can make it look like someone’s digging you, it’s only natural to assume that people will check out who this nice person is and click on their name in the comment.

But increasing volume and being sneaky doesn’t go hand in hand, and spammers being spammers, they manage to fuck this simple principle up. Case in point:

Bonjour! What a super websight! Very refreshing to peruse from where we live in Paris (France). I eat frogs and drink wine. Woold like more informatons on this. Best regards! Mikael.

Way to be subtle, dorks. I am now convinced that you are indeed a Parisian guy. After all, who else would eat frogs — or drink wine? It’s these convincing little details that bring him to life! Even if this ham-handed approach wasn’t bad enough, though, they go the extra mile and have “Mikael” leave the message not using that name, but “cheap tramdol”. (It’s spelled Tramadol, guys. C’mon, at least try.)

All this might still fly. But then their stupid spam robot leaves this same comment, oh, say, fifty times. And at that point, what’s left of Mikael’s credibility is shot to hell. Even if I was dumb enough to believe that Mikael over there really likes my “super websight” and I am now King Shit, Ruler of the Internet, I hardly think he’s going to say the same thing fifty times.

This is getting to be an increasingly popular form of spam. Here’s another one, very typical of the way they do things. It was from the charmingly named “Info”, who is undoubtedly an avid Star Wreck fan.

Hi I thank you for a wonderful site. You have done very good job.

Well, going through the ego is not a bad approach. Oh, look! They like me! Taken at face value, you could be forgiven for mistaking the one above for a genuine compliment, for example — especially as there’s no link to what they’re selling, because your average spammer is fairly incompetent and can’t be bothered to ensure that they spam bot’s actually working. But even if I wasn’t inclined to check if the links are pointing to some crappy mortgage/herbal viagra/tramadol/poker site and wasn’t a generally suspicious person, I’d undoubtedly realize that something was up when I found twenty of identical messages from “Info”.

Here’s another one that’s a little smarter.

I got the same tramadol attack… well, not the same, because it was only about 20 comments instead of 90, and i didn’t have any filtering set up, and I just deleted them one at a time… hmm.. the only thing really in common was that it was about tramadol… what filter do you have set up that caught them all?

And, of course, the link it left points the user to a site that’s selling Tramadol. But this one seemed a little too coherent to me, so on a whim, I did a little Google search on this one and found that it’s actually a real comment on this post, posted about two years ago. So some spammer either manually chose that comment or his spam bot did it for him, but either way, this comment ended up being the content of a spam message. I’ve seen other messages in the same vein, and they tend to look a lot more convincing — sometimes I actually have to think whether they are related to the post they’re left in response to.

Not for long, though. Sure, this is a little more sophisticated approach than we usually see, but it’s still no problem to spot these comments for what they are. Not only do they have nothing to do with my original posts, but they show up multiple times — if I see something twenty times Akismet spam list, I don’t even have to glance at the link. It’s a little ironic that spammers mostly screw it up for themselves by oversaturating their targets.

And they do oversaturate. I think I’ve spent a total of thirty minutes writing this post, and in that time, I’ve received about 50 pieces of spam. Akismet got ’em all. If they wised up and just sent in one well-camouflaged comment per blog, I think they’d generally get a lot better results. Luckily, spam is all brute force and no guile. It’s not sophisticated or clever.

Not yet, anyway.


  1. HI! You have a nice blog. Please see mine too!

    (ehkä ei :D mutta aiheellinen postaus oli )

    Comment by seligseo — January 27, 2007 @ 1169938618

  2. But they are getting better. I’ve gotten a few recently that I’ve had to actually read before figuring them out for what they are.

    One of these was a PayPal phishing effort which was so good that I had to check PayPal’s guidelines for determining fake emails to see through it.

    Comment by Joonas — January 28, 2007 @ 1169949107

  3. Really? What was that one all about?

    Comment by Mikki — January 28, 2007 @ 1169952449

  4. Well, a basic phishing scheme asking me to log in to my account, but they’d gone the extra mile and not only made it look genuine, but gotten a somewhat believable URL for the site. There weren’t even any typos! The one mistake was really only that they didn’t address me by firstname, lastname, as PayPal apparently always does.

    Comment by Joonas — January 28, 2007 @ 1170015167

  5. Ah. Well, I’d say that simply never clicking on any e-mail link that you get in your inbox is a pretty solid rule. There’s just no inconceivable reason for any service to send out a message like that unless you ask for one. Certainly not one that threatens that they’ll close your account otherwise, which tends to be the case.

    Comment by Mikki — January 29, 2007 @ 1170074762

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.


Copyright © Mikko Rautalahti, All Rights Reserved
WordPress makes with the publishing.