Shostack + Friends Blog Archive


Blog Spam

Stefan Geens has a long post on why SixApart’s TypeKey system is not a good solution to blog spam. He points out that the system has bad economies of scale:

Here too, the spammer needs to sit down, get a key, pretend to be human for a minute and behave until he gets a comment approved. That’s really just a Turing Test — “Can you write a comment that does not look like spam?” If he passes, he can then use his key to spam with abandon until his account is terminated — not just on your site, but on any TypeKey-enabled site that automatically approves TypeKey user comments (Six Apart is thus being a little optimistic even in its worst-case scenario, above.) And that’s potentially a much much bigger prize. As for “TypeKey’s terms of service allows us to disable their accounts” — I’m sorry, but that doesn’t sound very scary.