One of the most common forms of comment and pingback spam right now is the relatively subtle, ambiguous kind — short phrases or questions that are not obviously spam, at least on face value. Since we last posted about this, the more sophisticated spammers have progressed from old standbys like “nice post” and “great blog”, to more cunning things like questions (“where can I download your theme?”) and appeals to your helpful nature (“I’m having trouble subscribing to your RSS feed”).
Akismet almost always catches these kinds of bogus comments.
The tip‑off of course is that they often include a link to a site that’s advertising dubious or sleazy merchandise (or worse, a web site that harms the viewer’s computer). But it’s easy to forget to look at the link before approving a comment, or give the comment author the benefit of the doubt without checking closely. And spammers have recently learned to post several comments over time, the first of which contains no link or obvious clue. (We call these precursor spams).
Anyway, a comment is a comment, right, so what’s the harm in approving a few tame platitudes, even if they were posted by spammers?
Unfortunately it is harmful, and most of the damage is to your own site.
By moving these comments out of your spam folder and publishing them on your blog, you’re doing three things, all of them bad:
1. You are undermining your site’s SEO.
The spammer’s web site might seem inoffensive on face value. But the black‑hat SEO and spam methods used by its promoter are not. That same spammer is busy building backlinks from anywhere they can find them, including some of the web’s worst neighbourhoods. By regularly publishing links to spammers’ web sites, you’re giving Google and other search engines a hint that links from your blog are poor quality.
Now it’s true that Google will try not to penalize a web site for inadvertently linking to a bad neighbourhood. But even if they don’t, you are weakening the value of each of the other links from your blog – “diluting your GoogleJuice”, if you like – and helping to validate the spammer’s web site. In some cases you might even find that you are helping the spammer overtake your blog in search engine results.
2. You are attracting more spammers.
Less skilled spammers will deliberately seek out blogs that other spammers have successfully spammed, because they know they are easy targets. Organized spammers circulate lists of such blogs (for a small fee of course). And professionals keep their own lists of previous victims, because they know future spam is even more likely to be approved there. By letting some spam through – even seemingly harmless ones – you are providing a signal to spammers that your blog is a profitable target. (Experienced bloggers will be familiar with this phenomenon: you accidentally approve one seemingly unremarkable spam comment, and a big batch of ugly spam follows soon after).
WordPress and many other blog applications have a feature, independent of Akismet, where regular users who have had at least one comment approved, will automatically skip the moderation queue next time and have their comments published right away. Spammers know this, and they’ll come back to take advantage of it. Often they’ll link to a harmless looking site in their first comment (or include no link at all), but link to progressively more blatant spam in subsequent comments.
3. You are damaging your reputation.
You might not click on the links in all the comments on your blog, but some of your readers will. And some of those links will go to sites that are sleazy, offensive, or harmful.
Worse still, a spam tactic that is becoming more popular is to first post a small number of spam comments on innocent blogs; then send a large volume of spam to other web sites linking to the blog post that contains those comments. (They do this to try to get around spam filters and blacklist that recognize and catch links to their own site).
If you do publish spam comments on your blog, you might discover later that thousands of other blogs and forums have been spammed with links to your blog.
So what should you do about it?
Akismet will almost always catch these comments and put them in your Spam folder. Usually you don’t need to do anything; just don’t approve them for publication.
We have a real‑time view of spam activity on millions of blogs around the world, so we can detect patterns in behaviour that can’t be seen by looking at any one single comment. If a bland, generic comment turns up in your spam folder, you should be suspicious of it – Akismet flagged it for a reason. Think twice before approving it for publication. Unless you know the author, it almost certainly is spam — or a subtle precursor to it.
Also, keep an eye out for forthcoming Akismet updates. In addition to our usual work behind the scenes monitoring and adapting to new spam techniques, we’re developing some new features designed specifically to help protect against the potential harm done by spammers.
Akismet 
That is a quite true post – I have been having such kind of spammers in my blog, but I have polished all of them. It is obvious they are spammers.
Amen to that. I wrote about this in my blog. There really are spam comments that are less obvious, that people not honed into this type of comments might have just approved it, without second thoughts. We really need to help each other in fighting these spam comments.
I am quite surprised by how many times I run down the list of comments to approve them, but catch myself just before approving a spam comment!
They are often really hard to detect, and are getting more difficult.
I think that #1 (You are undermining your site’s SEO) is not true when links in comments are nofollowed (which, in WordPress at least, is done by default).
In my view, the main damage comment spam does is reducing the value and interest of a discussion for human visitors. (Which, of course, translates into SEO damage, since the best SEO is optimization for humans.)
Cheers!
Seriosly, it’s like a snowball effect. I’ve been caught up in it a couple of times. One of the problems I have on my blog is that people leave a lot of comments that are written in poor English. No one wants to be labeled a racist or prejudiced, but sometimes I just can’t bring myself to approve comments written in poor English. Most of the time they’re precursor spams, as you say, by Indian tech firms practicing blackhat SEO techniques.
Drives me crazy! Great post.
well,I completely agree with you.Now a days It is the most prevailing problem and most of the time the spammers are disguising themselves as valid users.Thanks to Akismet for the perfection to detect most of the spams.
Anyway ,thanks for reminding about the SPAM and SEO impact.
regards
Brajesh
You’re right about how spammers use RSS feed and how we almost approve them, since they’re no longer using email addresses ending in .ru. They’re now using gmail addresses. Akismet blocked a lot of “Hello, I can’t understand how to add your blog in my RSS reader” and “Welcome to GoogleReader.”
Again, a million thanks for Akismet.
I recently had to work with the dydns abuse team to deal with a recent uprising of spam I had. Akismet went from catching around 20 spam comments every couple of days to 400-500 almost everyday.
The only frustrating thing is I a lot of times like to browse through my spam box to catch trackbacks from legit and well known websites in the web design / development community that were mistaken for spam, but searching through 500 submissions just wasn’t an option.
It seems also the most spam targets nearly any post dealing with Google or SEO, as one might assume anyway.
Anyway, even after the dydns abuse team essentially told me they gave up, I still have my Akismet WordPress Plug-in, heh.
I received this comment today:
“Hello, I can’t understand how to add your blog in my rss reader”
When you look closely it is obviously spam, but just based on the text I could see how a novice blogger would approve it without thinking twice!
If you almost approved some of these, then you’re in too much of a hurry or maybe sleepblogging. I just checked through my spam queue and out of the hundreds of precursors and semi-literate kindaspams, there was not a single one that even remotely caused me to give pause. None of them are relevant to the topic at hand, they’re written in a language that a four year old would be ashamed of, and they usually hit the same blog under different names with the same exact message multiple times within seconds. And those ambiguous ones(for instance: “wow, interesting point of view.”) They should be deleted simply on the principle that it’s a completely useless comment, spurring no thought, reciprocal comment or other action.
Akismet is a godsend for saving time however it never saved me from almost approving a spam comment. To date, I’ve been conscious when administrating my blog and I’ve not yet had a lobotomy.
This is a great article! I’d love to share it with my readers, as well as to reward you by sharing a little wealth I inherited from the king of Nigeria. What is the routing number for your checking account, so I can deposit the money there?
I am a novice blogger and as yet don’t have much traffic coming to my blog. But within two days I will have 100 messages in my spam folder, which have been caught by akismet. These messages are always from a gmail account, and are full of hundreds of words (keywords I imagine). Because it’s too tedious to look at all of the messages, I just delete them all in bulk. I’m trusting that they ARE all of the same (I have checked when there might be a lesser number).
I don’t understand why people do these things, and especially if they’re caught by spam filters, but they are a real nuisance. I wonder what I’ve done to my blog to attract them.
One of the telltale signs of SPAM, no matter how sneaky it gets, is that it rarely has any direct relationship with the post. The most prevalent and sneakiest types of spam I see now flatter you in some way… who wants to delete that?!
Great article and gets right to the point. All bloggers should read this and take note. It’s amazing what these low life spammers will do to make life miserable for everyone. Everyday I am bombarded with these worthless comments and spam emails which are nothing more than a pain in the ***… my links are all “nofollow” and all comments must be moderated… if they’re in my spam folder, they’re history! I don’t even bother to read them. Thank God for Akismet!
Thanks for the valuable tip. I went through a period of two or three weeks where one particular post on my blog was attracting hordes of spam comments. Askimet caught them all, but when the total hit 130 I got tired of clearing out the filter and just turned off comments for that post. That seemed to fix the problem. Thank you, Askimet! You turn a major headache into a minor irritation.
Nice post. I was just talking to a buddy of mine the other day, and as always, our conversation turned to how our sites are doing.
I mentioned the “nice theme” & “help with RSS” spam I’d been seeing lately, and marveled that it took so long for spammers to realize that they could be more successful if they attempted to post comments that might sneak by an admin.
Anyway, Akismet has successfully labeled all of these as spam, which is really just fantastic. Keep up the good work.
It’s ok to approve those short, inconspicuous comments… just be sure to go in your admin and remove their website link if you suspect they might be a spammer.
Automatically deleting their “nice post” comment can be more harmful than just leaving it. They could become an avid reader but might feel unwelcomed by their comments being deleted from the discussion. Not to mention it looks good to have more comments right? It encourages other readers to comment too.
Let’s not get overly paranoid against these lame spammers…
BTW, great blog.
Yep, the spammers get ever more subtle … it’s a classic “arms race” … and the damage is real.
Akismet continues to be close to 100% accurate both ways. Even the russian / cyrillic comments seem to be being blocked now, which is very good.
The subtle and pre-cursor posts, or doubtful comments, I tend to hold, and send a mail to directly before either accepting or rejecting. If I don’t get a credibe human response … I know what to do.
There is a whole class of comments (& mail) that is not exactly spam, in the sense that it is not linking to dubious or dangerous sites, but where the commenter has a hidden, fake or dubious agenda to communicate related to your posting. But that’s a whole ‘nother story … people.
I emphatically agree here, especially with the fact that if spammy links end up on your page anywhere, even in name url’s, once the Goog and others follow those links to their spam destination it’s going to dock a point on your own site for linking to theirs. They don’t, and probably shouldn’t consider it’s a comment because every webmaster/blog owner has the ability to moderate their comments.
Nice blog. Can I have your theme? ….
….j/k. Great article. Coming from someone who is about to launch their own blog (independent of wordpress or any other engine) do you have any advice on techniques to keep these spammers away?
I have a rule of thumb. If the commenter left a URL, I’m unsure if the comment is spam or not, and the site at the URL is commercial, I delete it.
I totally agree. I just launched a blog and get user leaving comments that have nothing to do with that blog. They then tend to leave multiple links on the post. It really is annoying…
In my view, the main damage comment spam does is reducing the value and interest of a discussion for human visitors. (Which, of course, translates into SEO damage, since the best SEO is optimization for humans.)
I often do a G search for the comment text for doubtful comments, surprising how often I find that they have repeated the comment elswhere – sometimes many times.
If it only show on my own blog I can let it through.
Rhys