jotsheet

Recommended reading: Six Apart Guide to Combatting Comment Spam.

This is direct from the makers of Movable Type. Because I’m such an opinionated fellow, I’m gonna take issue with the recommendations in their guide. I suggest you use their page as an overview (for which it is excellent) rather than a set of prescriptions (for which it is flawed).

Specifically, they use strong language to warn against James Seng’s excellent SCode plugin, which allows for the use of a CAPTCHA in Movable Type blogs. Instead, they recommend a cocktail of plugins and upgrading to the latest version of Movable Type. (I’m still on Movable Type 2.66, since Six Apart managed to release MT3 with [count 'em] zero new features that interested me. Once again, all of MT’s innovation springs from their plugins authors, who don’t make a dime from their efforts, while MT goes corporate and charges for software built on plugin functionality. Alas, I’ll save that rant for another time.)

Let’s get back to the basics here. Spammers use bots (automated programs) to spew spam, whether of the comment spam or e-mail spam variety. We want humans to comment on our weblogs. Therefore, if we distinguish between bots, which should never be permitted to comment on blogs, and humans, which should always be able to comment on blogs, we’re set. (To amend that, if we’re dealing with a jerk of a human, we can selectively lay the smack down with IP bans or by manually deleting comments.) Hey, let’s try that again. Repeat after me, Mena, Ben, Anil, Six Apart staff, and the Rest of the World:

If we distinguish humans from bots and allow only the former to comment on blogs, we eliminate comment spam.

The test to distinguish humans from computers is called a Turing test, and the classic example of such a test is a CAPTCHA. Hey, now—I’ve heard of that. It’s James Seng’s SCode! I even blogged about it!

But Six Apart is very negative on CAPTCHAs. Here are their “cons” on the CAPTCHA option for combating comment spam:

Cons: Numerous. First, an image-based CAPTCHA is impossible to solve for people with impaired vision, those with reading difficulties (e.g. dyslexia), or those using text-only web browsers. If the only way to comment on your site is by solving an image-based CAPTCHA, you have a serious accessibility problem.

Plus, because CAPTCHAs are in use on numerous high-profile sites, such as Yahoo Groups and PayPal, spammers have devoted significant effort into automating ways to solve them. For example, this report by Cory Doctorow at Boing Boing indicates that spammers have begun using unsuspecting web surfers on other sites to do the work for them in real-time.

What Six Apart fails to mention, of course, is that spammers always go for the low-hanging fruit. Circumventing CAPTCHAs by tricking Web users to solve image CAPTCHAs on porn sites is not low-hanging fruit.

Oh, and since Six Apart is so concerned about accessibility, here’s a screenshot from my Movable Type administration screen (MT 2.661), as viewed in the text browser Lynx. Talk about walking the walk. (UPDATE 1/5/04 [evening]: Here’s a screenshot of the MT3 admin interface. This backs up Anil’s assertion that the accessibility was improved greatly as MT moved from v2 to v3. Thanks to Jason.)

To be fair, image CAPTCHAs are impossible to solve in text browsers and for visually impaired users. If SCode were extended to be solvable by audio as well, as I’ve seen this in some cutting-edge websites, its accessibility would be greatly improved. That way, the numbered produced in the CAPTCHA could be viewed or listened to and then entered in a form to solve the Turing test. And ultimately, we’re dealing with beautiful simplicity: distinguishing humans from bots to stop spam.

UPDATE 1/5/04 [afternoon]: James Seng pointed out to me in an e-mail exchange the ultimate hypocrisy of Six Apart: their TypeKey registration form uses a CAPTCHA! You can’t make this stuff up! Other bloggers have noted this and roundly criticized them. Even worse, as noted by these bloggers, they fail to provide a “Contact Us” form or audio alternative for visually impaired users to work around the image CAPTCHA (UPDATE 1/5/04 [evening]: Shelley offers a correction). All of this comes after Six Apart’s clear antagonism toward SCode.

Once again, Six Apart fails to walk the walk.

Another take on comment spam

I highly encourage you to check out Winds of Change.NET’s Guide to Fighting Comment Spam. You’ll notice that they recommend against TypeKey and seem intrigued by SCode. But there’s much more, so give it a looksie.

Other sites talking about Six Apart’s Comment Spam Guide

• Discusion at Six Apart’s Professional Network: Conversations about the Comment Spam Guide
• John Dowdell: Blogspam guide
• Dullroar: Movable Type’s Useless Guide to Comment Spam
• Stuff.: Gruber’s Guide to Comment Spam. (I learned from this that John Gruber of Daring Fireball wrote the Six Apart guide. He’s a good guy, and a good writer. I cited him in a previous jotsheet entry denouncing Eric S. Raymond.)

Share This