One of the most common forms of comment and pingback spam right now is the relatively subtle, ambiguous kind — short phrases or questions that are not obviously spam, at least on face value. Since we last posted about this, the more sophisticated spammers have progressed from old standbys like “nice post” and “great blog”, to more cunning things like questions (“where can I download your theme?”) and appeals to your helpful nature (“I’m having trouble subscribing to your RSS feed”).
Akismet almost always catches these kinds of bogus comments.
The tip-off of course is that they often include a link to a site that’s advertising dubious or sleazy merchandise (or worse, a web site that harms the viewer’s computer). But it’s easy to forget to look at the link before approving a comment, or give the comment author the benefit of the doubt without checking closely. And spammers have recently learned to post several comments over time, the first of which contains no link or obvious clue. (We call these precursor spams).
Anyway, a comment is a comment, right, so what’s the harm in approving a few tame platitudes, even if they were posted by spammers?
Unfortunately it is harmful, and most of the damage is to your own site.
By moving these comments out of your spam folder and publishing them on your blog, you’re doing three things, all of them bad:
1. You are undermining your site’s SEO.
The spammer’s web site might seem inoffensive on face value. But the black-hat SEO and spam methods used by its promoter are not. That same spammer is busy building backlinks from anywhere they can find them, including some of the web’s worst neighbourhoods. By regularly publishing links to spammers’ web sites, you’re giving Google and other search engines a hint that links from your blog are poor quality.
Now it’s true that Google will try not to penalize a web site for inadvertently linking to a bad neighbourhood. But even if they don’t, you are weakening the value of each of the other links from your blog – “diluting your GoogleJuice”, if you like – and helping to validate the spammer’s web site. In some cases you might even find that you are helping the spammer overtake your blog in search engine results.
2. You are attracting more spammers.
Less skilled spammers will deliberately seek out blogs that other spammers have successfully spammed, because they know they are easy targets. Organized spammers circulate lists of such blogs (for a small fee of course). And professionals keep their own lists of previous victims, because they know future spam is even more likely to be approved there. By letting some spam through – even seemingly harmless ones – you are providing a signal to spammers that your blog is a profitable target. (Experienced bloggers will be familiar with this phenomenon: you accidentally approve one seemingly unremarkable spam comment, and a big batch of ugly spam follows soon after).
WordPress and many other blog applications have a feature, independent of Akismet, where regular users who have had at least one comment approved, will automatically skip the moderation queue next time and have their comments published right away. Spammers know this, and they’ll come back to take advantage of it. Often they’ll link to a harmless looking site in their first comment (or include no link at all), but link to progressively more blatant spam in subsequent comments.
3. You are damaging your reputation.
You might not click on the links in all the comments on your blog, but some of your readers will. And some of those links will go to sites that are sleazy, offensive, or harmful.
Worse still, a spam tactic that is becoming more popular is to first post a small number of spam comments on innocent blogs; then send a large volume of spam to other web sites linking to the blog post that contains those comments. (They do this to try to get around spam filters and blacklist that recognize and catch links to their own site).
If you do publish spam comments on your blog, you might discover later that thousands of other blogs and forums have been spammed with links to your blog.
So what should you do about it?
Akismet will almost always catch these comments and put them in your Spam folder. Usually you don’t need to do anything; just don’t approve them for publication.
We have a real-time view of spam activity on millions of blogs around the world, so we can detect patterns in behaviour that can’t be seen by looking at any one single comment. If a bland, generic comment turns up in your spam folder, you should be suspicious of it – Akismet flagged it for a reason. Think twice before approving it for publication. Unless you know the author, it almost certainly is spam — or a subtle precursor to it.
Also, keep an eye out for forthcoming Akismet updates. In addition to our usual work behind the scenes monitoring and adapting to new spam techniques, we’re developing some new features designed specifically to help protect against the potential harm done by spammers.