These days, the number of spam comments I receive easily outnumber the real ones. It’s been an interesting (if annoying) battle. The tactics employed by spammers seem to change on a fairly regular basis.
My presumption has always been that the main intention of blogspammers (known herein as simply “spammers”) is to exploit Google’s PageRank algorithm, which (in a very rough sense) places pages which are linked more often higher in the search results.
The first tactic used by spammers was pretty straightforward: put the address of a website you’d like to promote into the URL field of a blog comment. Nearly all Moveable Type-based blogs use the same mechanism for commenting, so it’s fairly easy to get a computer to do the job automatically. Some people, such as Jim of extrametrical.com, have written their own commenting systems, which — since they use a different commenting mechanism than MT blogs — aren’t targeted. It’s the fabled “security through obscurity” idea [Wikipedia], and it seems to work pretty well. Or, at least, I haven’t seen any blog spam on Jim’s blog lately (actually, ever).
Then came along Jay Allen’s excellent MT-Blacklist, making things considerably harder for spammers. MT-Blacklist leveled the playing field by collecting many spam URLs in single spot — known as the “master blacklist”. When MT-Blacklist is installed on a Moveable Type-based site, each time someone (or some THING) wants to post a comment, the supplied URL is cross-checked against the blacklist, and if a match is made, the comment is refused.
This lead to the creation of dashed versions of the same URLs. For example, http://www.texasholdem.com became http://www.texas-hold-em.com. A little harder to type, but whatever works.
A short while later (and here’s where things start to get weird), spammers started using double and sometimes triple dashes. http://www.online—casino.com and the like. A little strange, but as long as it shows up first in Google, it doesn’t really matter what the address is. Fine. I don’t like it, but I still understand that.
But over the last week, I’ve started receiving spam from completely nonexistent domains, devoid of links in the comment body. And it baffles the heck out of me. Why? What’s the point? About the best I can come up with is that some kind of virus has struck the computers of the spammers, causing blogs to be spammed with nonsense information unintentionally. But a virus, targetting spammers but as a side-effect affects bloggers? Seems a little odd — where’s the motive?
Take www.mingholee.com, for example — the URL in a piece of blogspam I received today. Punching it into my web browser’s location field yields me this:
And Google doesn’t know much about the site, either:
However, here’s something interesting. At the time of this posting, 129 pages contain the term www.mingholee.com. So I’m not the only one.
One more remote possibility, is that over the last week I developed a hole in my DNS services, and what doesn’t work for me (i.e.: www.mingholee.com) actually works for other people. But it that seems extremely unlikely, given the only sites I haven’t been able to reach are the ones spamming my blog.
Someone please give me a clue…