No Comments for You

January 4, 2005

I hate comment spam as much as the next person (which is why you have to type in those annoying captcha things when leaving a comment), and so I was thrilled to find a Spam Assassin plugin for WordPress (which I run on several sites, just not this one).

Until I got to the bottom of the post.  They check the various blackhole lists, and since I’m on Comcast (my desktop, not my site), my current dynamic IP address is listed.  No big surprise—Comcast doesn’t block port 25 (at least not in all areas), and as a result, a lot of e-mail spammers live there.  Going through the lookup, the blackhole list collected some e-mail spam from this IP address in June (when I had a completely different IP address, that being what “dynamic” means.)

So I’m not allowed to comment on the post.  Not that I really wanted to, mind you, until I saw that, but still.  Won’t I be thrilled to see this plugin become widespread?

The post also contained this little note:

Comcast is spammer friendly. 45% of last weekend’s comment spam came from the Comcast network. If you’re a Comcast customer, put pressure on them to clean up their act, or find a new ISP if they won’t. Businesses which turn a blind eye to spammers don’t deserve your money.

Which is easy enough to say, of course.  I live about 23,000 feet from the local telco CO, which means my choices for internet access are Comcast, or dialup.  Comcast may not deserve my money, but unless I move, they’ve got an impressively tight grasp on my cajones.  Complaining to them about a loose connector on the phone pole that put me offline last summer took 10 days to get fixed, so I’m sure a complaint to them about their comment spam policies would get a real impressive amount of their attention also.

Interesting that this mentions 45% of comment spam coming from Comcast, a number I hadn’t heard before.  I know Comcast is a great source of e-mail spam (since I get a staggeringly high amount of e-mail spam), something they could largely solve by blocking port 25, as many or most ISPs do these days. 

I’m not sure just how they’re supposed to solve comment spam, however, other than deal with it on a reported case basis—which I’m sure they’d probably be lousy at, but I’ve not heard of any organized approaches to reporting comment spam anyway, at least not nearly like there is for e-mail spam.  It’s not like most of their customers would put up with them blocking port 80 (ie: all web traffic).

I’m sorry, I’m as hard put to deal with comment spam as the next guy (I don’t like cleaning up 7,000 comments about “online poker” any more than anyone else does), but an approach that a) automates out people on dynamic addresses from substantially large ISPs while b) not providing an alternative for people snagged by the automation (force them to enter a captcha, moderate them, etc.) seems to me to be a tad bit over-dependent on the reliability of the mechanism.

(Track’d back to the source post, which also bounced.  I guess he doesn’t like my horse, either)

Be Sociable, Share!


One Response to “No Comments for You”

  1. IO ERROR on February 5th, 2005 2:34 am

    No offense intended. The block causing you to be unable to post was removed shortly afterward, since I determined it (1) had way too many false positives, and (2) the comment spam coming from Comcast was getting caught by other means anyway. It also killed your trackback, which is why I didn’t find out about this posting for a good month or so. Sorry!

    The 45% figure came from pulling ARIN records on every unique IP from which I received comment spam on 31 Dec and 1 Jan. Comcast has done quite a lot to stop email spam, but at least in parts of the network, but it hasn’t been enough to make a very big dent in the overall outgoing spam flow. For instance, you may find they block outgoing port 25, but do they also block port 587? I also notice they are blocking a lot of incoming ports as well now, but not quite enough. There are way too many malicious programs out there, and 65535 ports to choose from…and at some point, these blocks will start interfering with legitimate connections. Or the already-installed spambot can just contact a remote site for instructions. I know of at least one spambot that does this, making the inbound blocks ineffective.

    As for captchas, I hate them with a passion, and you simply will never see one on my site. I decided moderation was probably the best route to go with such comments. Although there are still a few addresses which are blocked entirely, anyone affected can easily have their IP address removed from the block list.