An exciting development today, coincidentally hot on the heels of our 0.7 release: The existence of the Validator (and other tools now using the same techniqu
e) has forced spammers to change their tactics.
Well, it took them half a year to figure it out, but tonight it happened: I received a spam pingback (spingback?) from a spam blog, and the Validator let it through clean. Which is should have, because indeed, the splog sent its pingback the way any pingback is sent: Via a post that contained a valid permalink to my targeted blog posting, obviously obtained via an automated scraping program.
So, what’s happened here? In order to successfully submit a spam TrackBack, a spammer has to:
- Set up a real blog (or blog-like website).
- Create a stable URL (like a blog post).
- Link from this post to your site.
- Send you a TrackBack from the stable blog post URL.
We knew this would happen (assuming the writer means TrackBack instead of Pingback) and consider this a victory: The
spammer is now giving you PageRank, but more importantly, his website looks just like a blog. It is, effectively, a real blog. Who’s to say he’s a spammer and not just another blogger out there (the contents of whose blog you’re not particularly impressed by)?
At this point, we’ve moved into a more philosophical area of spam prevention. I’ll still argue that this is a victory, however. Consider this: What if we “defeated” email spam to the point that the only “spam” you ever got in your INBOX was personal
notes, hand-written by advertisers, custom-tailored to your interests? Is that even spam anymore, or just email you’re not as interested in? I argue we’ve now made this exact leap with TrackBack spam.