Microsoft Stabs at Blogspam, Pokes Google

Microsoft today released new research on the epidemic of spam blogs -- or "splogs" -- as well as the "comment spam" that dodgy marketers splatter all over blogs in a bid to improve their sites' search-engine rankings. Redmond's research team found that splogs hosted on Google's appear to be widely spammed and fairly effective at jacking up the search results for the spammers' Web sites.

Microsoft said it generated the findings using something it calls "Strider Search Defender," a research tool that tries to distinguish legitimate Web links in blog comments from spammers' ruses. Microsoft said it found that most comment-spam links are actually to "doorway pages" that use cloaking and redirection techniques to redirect users to the spammer's target page or deliver ads. Doorway pages, it said, usually include innocuous-looking links to splogs hosted at free services like Blogspot,,,, and Links that show the domain names for these services -- rather than the spammer's actual address -- appear more legitimate and therefore are more likely to ensnare visitors, Microsoft said.

"By identifying those domains that serve target pages for a large number of doorway pages, we can catch major spammers' domains together with all their doorway pages and doorway domains," the company said.

Microsoft found one massive redirection network using some 17,000 Web pages at Google's, although roughly 45 percent of those referred victims to just six spam sites. In another Search Defender test, researchers located more than 5,500 spam-related sites on Blog4Ever, nearly all of which used the same Google AdSense affiliate identifier, suggesting the entire network was created by a single comment spammer. The security professionals at SecuriTeam have recently posted a series of links to research on blogspam that make for a very interesting read on the relationship between blogspam and AdSense.
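The grouping idea in Microsoft's statement and in the findings above can be sketched in a few lines. This is an added example, not Strider Search Defender's code: the record layout, thresholds and every host name and publisher ID are assumptions made up for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed crawl records, all hosts and IDs invented for illustration:
# (doorway URL taken from a comment link, final URL after redirects,
#  ad publisher ID seen in the page's third-party traffic, "" if none).
CRAWL = [
    ("http://cheap-a.blogs.example/1", "http://pills.example/buy", "pub-111"),
    ("http://cheap-b.blogs.example/1", "http://pills.example/buy?x=2", "pub-111"),
    ("http://cheap-c.blogs.example/1", "http://PILLS.example/", "pub-111"),
    ("http://loans-a.blogs.example/1", "http://loans.example/", "pub-111"),
    ("http://loans-b.blogs.example/1", "http://loans.example/apply", "pub-222"),
    ("http://knit.blogs.example/hello", "http://knit.blogs.example/hello", ""),
]

def host(url):
    """Lower-cased hostname of a URL, or "" if it has none."""
    return (urlsplit(url).hostname or "").lower()

def cluster(records, key):
    """Map key(record) -> set of doorway URLs; empty keys are skipped."""
    groups = defaultdict(set)
    for rec in records:
        k = key(rec)
        if k:
            groups[k].add(rec[0])
    return groups

def major_targets(records, min_doorways=3):
    """Target domains served by at least min_doorways distinct doorway pages."""
    by_target = cluster(records, lambda r: host(r[1]))
    return {t: sorted(d) for t, d in by_target.items() if len(d) >= min_doorways}

def shared_publisher(records, min_hosts=3):
    """Publisher IDs found behind at least min_hosts distinct doorway hosts."""
    result = {}
    for pub, doorways in cluster(records, lambda r: r[2]).items():
        hosts = {host(d) for d in doorways}
        if len(hosts) >= min_hosts:
            result[pub] = sorted(hosts)
    return result

def concentration(records, top_n):
    """Share of doorway pages that lead to the top_n most common targets."""
    sizes = sorted((len(d) for d in
                    cluster(records, lambda r: host(r[1])).values()), reverse=True)
    return sum(sizes[:top_n]) / sum(sizes) if sizes else 0.0
```

`concentration` is the same kind of measurement as the "45 percent to six sites" figure: how much of a doorway network funnels into a handful of targets.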

Yi-Min Wang, manager of Microsoft's cybersecurity and systems management research group, told me that the goal of Search Defender is to help the software giant automate the filtering of splogs and comment spam links in search results returned on

"We now have a method to identify spammers so that before they get indexed into search results, we can block them," Wang said. "When this is fully automated, the spammers will need to spend a lot more effort trying to get into our search results."

Microsoft said Search Defender weeds out false positives -- links left in blog comments that are not spam-related -- by launching each link it examines in a browser window and recording all third-party traffic to see where the sites are snatching their ads from.

Of course, much of this research paints a rather dim picture of anti-blogspam efforts by Google, which the folks at probably wouldn't mind seeing taken down a peg. For its part, Google suggests bloggers incorporate its "nofollow" attribute for hyperlinks in comments left by users, so that links in comments don't get any credit when Google ranks Web sites in search results. For more info on this attribute, check out this page.
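One way a blog engine could apply that advice when it renders comments, shown as an added example rather than code from Google or any blogging platform: the class and function names are hypothetical, and the policy (keep only http/https links, drop all other markup) is an assumption.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

class CommentRenderer(HTMLParser):
    """Re-emit comment HTML: only <a href> survives, always rel="nofollow"."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.links = []          # one bool per open <a>: was it emitted?

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return               # every other tag is dropped, its text is kept
        href = dict(attrs).get("href") or ""
        try:
            ok = urlsplit(href).scheme.lower() in ("http", "https")
        except ValueError:       # malformed URL
            ok = False
        self.links.append(ok)
        if ok:
            # Commenter-supplied attributes (rel, onclick, ...) are not copied.
            self.out.append('<a href="%s" rel="nofollow">'
                            % escape(href, quote=True))

    def handle_endtag(self, tag):
        if tag == "a" and self.links and self.links.pop():
            self.out.append("</a>")

    def handle_data(self, data):
        self.out.append(escape(data))

def render_comment(raw):
    """Return comment HTML that is safe to embed and passes no link credit."""
    parser = CommentRenderer()
    parser.feed(raw)
    parser.close()
    # Close any anchor the commenter left open.
    parser.out.extend("</a>" for emitted in parser.links if emitted)
    return "".join(parser.out)

# Constructed sample comment.
SAMPLE = ('Nice! <a href="http://shop.example/?a=1&amp;b=2" rel="follow" '
          'onclick="x()">deal</a> <b>hi</b> <a href="javascript:void(0)">x</a>')
```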

But how do these lowlife blog spammers push out so much crud so quickly? Take a look at the dirt dug up over at the Computer Science and Electrical Engineering department at University of Maryland, Baltimore County: They point to a slew of pricey, do-it-yourself commercial software titles with names like "VooDoo Blogger" and "Blog Link Generator."

I, for one, am certain I have seen these types of tools in action. Comment spammers like to target high-traffic sites in particular, and on some days I delete dozens of comment and trackback spam links from the pages of Security Fix. Most of the time when I check the time stamps on those comments, I find they were all left within minutes or even seconds of each other.

Each blogger can do his or her small part to make sure these human hairballs can't further their weak money-making schemes through comment spam. One of the best ways to stop comment spam in its tracks is to be vigilant: Deleting blog spam as quickly as possible decreases the chance that search engines will index the link as a mark of legitimacy.

But that's just a start: Sitepoint has some excellent tips on fighting comment spam. Also, most of the major blogging sites now include pointers on how to use antispam features. lets users require commenters to follow a verification process -- essentially a captcha -- to help weed out automated processes. Wordpress has its own tips here, or users can outsource their blogspam patrol (well, sort of) with Akismet, a free (for personal use) tool that compares any link, trackback or comment left on your Wordpress blog to a service "which runs hundreds of tests on the comment and returns a thumbs up or thumbs down." SixApart, which runs TypePad and LiveJournal, also lists a number of tips for users fed up with blogspam.

By Brian Krebs  |  July 13, 2006; 12:20 PM ET
Categories:  From the Bunker  


A better solution is to have an email service in which users click on a link within the email message to post their comment.

However, search engines knew back in the 90s when they started to rank web sites by link popularity that this kind of corruption would occur. We should expect search engines to know pay-per-click advertising will become 100% corrupt with artificial clicking because of the monetary incentive. After all, if technology can allow solicitation to POST to a blog comment form, what makes anyone think these same people cannot automatically click on a pay-per-click ad, especially when there is a financial incentive involved?

Posted by: Ed | July 13, 2006 1:22 PM | Report abuse

Why doesn't the Post use any of those methods to get rid of comment spam?

Posted by: h3 | July 13, 2006 2:22 PM | Report abuse

Thanks for the mention. Quick fix, the name and domain is spelled "Akismet", short for Automattic Kismet. If you check out our stats page you'll see that now more than 9 out of 10 comments and trackbacks are spam and the trend isn't looking good.

Posted by: Matt Mullenweg | July 13, 2006 3:03 PM | Report abuse

Matt -- Corrected. Thanks for pointing that out.

Posted by: Bk | July 13, 2006 3:17 PM | Report abuse

I've been seeing this a lot on bulletin boards, specifically one fairly small to middling sized phpBB board I moderate. The "pages" they link to in their profiles are exactly what you've described as "gateway" pages, using a lot of .info or .ru domains. They also used to post a huge list of links, but I think they think they'll fly under the radar if they just create a profile and don't post.

Not on my watch.

Posted by: M. H. | July 13, 2006 3:42 PM | Report abuse

Another correction -- the splog software page you point to is from the *University of Maryland, Baltimore County* and not the *University of Maryland*. Our research has shown that about 75% of posts drawn from the most popular ping server are from splogs.

Posted by: Tim Finin | July 13, 2006 9:27 PM | Report abuse

Your articles don't have enough embedded links. Please try to hyperlink more text in the future.

Posted by: Red eyes | July 14, 2006 11:32 AM | Report abuse

I have been looking into robot based spam on many of my own websites, and I think a simple solution would be to integrate a captcha (image check). This would reduce robot based spam, and require more time by manual spammers, which may deter a few.

Posted by: Eric from WebDesignHero | July 16, 2006 1:21 AM | Report abuse

Hi Brian,

What do you think about the seo contest?

Will this kind of contest affect the search quality?


Posted by: Lawance | July 16, 2006 6:49 AM | Report abuse

Strider is very cool but what they aren't telling you is how easy their search is cracked.

A sample here with a screenshot that tells all and it all happened during World Cup.

Posted by: Citizen X | July 18, 2006 9:10 PM | Report abuse

Akismet has stopped 317 link-spam posts on my personal site in the last 15 days.

Running an "open posting" site without Akismet or equivalent these days is an insane task.

Robin 'Roblimo' Miller
Editor in Chief, OSTG

Posted by: Robin 'Roblimo' Miller | July 20, 2006 12:02 PM | Report abuse

Spamhaus Internet terrorists.

Becoming what you oppose
Editorial by Dave Hayes

Many folks have asked me why I stopped "contributing" to the everlasting debates in NANA (*). I generally respond with something along the lines of "I don't wish to become that which I oppose". Indeed, recently I've "plonked" several entities (among them the terrorists known as "spamhaus" and "spews") simply because I no longer wish to beat my head against the stone wall of ignorance.

Terrorists? Yes that's right. One definition of "terrorism" is "attacking innocents in the name of your cause". Nowhere is this more ironic and extreme than in the deeds of my old nemesi, the anti-spammer zealotry collective, some of whom are now known as spamhaus and spews. The terrorism they practice is implemented in the form of "mail blacklists".

Blacklists are not a new notion. In the 1950's, the infamous McCarthy blacklists contained names of "possible communists", which ultimately led us to a more sterile culture.

The social costs of what came to be called McCarthyism have yet to be computed. By conferring its prestige on the red hunt, the state did more than bring misery to the lives of hundreds of thousands of Communists, former Communists, fellow travelers, and unlucky liberals. It weakened American culture and it weakened itself. ---Victor Navasky, Naming Names (New York: Viking Press, 1980)

Modern internet technology has created our own version(s) of social blacklists. Many anti-spam zealots have turned to this method for freeing their mailboxes from spam. Simply expressed, these organizations maintain databases which are supposed to contain the IP addresses of known spammers. They then provide these databases to various electronic mail servers, so that the servers can reject email based on what's in these databases.

The bottom line is, if the machine that sends your email is on this list, a number of mail servers will automatically reject all email from your server.

If (and only if) they restricted these blacklists to actual spammers, I doubt very seriously that I would have a problem with this practice. If we could trust human beings to maintain a logical and calm viewpoint about life, I doubt that I would have a problem with these blacklists. Unfortunately we cannot trust these things in either case.

Fact: Spamhaus and spews have added innocent IP blocks to their blacklists.

The anti-spammer idealotry goes like this: "Anyone who gets service from a network friendly to spammers is supporting the spammers and therefore our enemy." (The friend of my enemy is my enemy too?)

So here's how this goes. Once a network provider is branded "a communist" excuse me..."a spammer", ALL of their IP ranges are blocked. Typically a network provider is providing services for smaller service providers, many of whom would never and have never engaged in spamming of any kind. No notice is really given on these blacklisting events, rather you find out when mail starts bouncing to some destination. Usually an end customer is the first to notice, and that customer is directed by the bounce to complain to...their own ISP!

In essence, the customer is tricked into presenting the terrorist anti-spam agenda to the ISP. The ISP turns around and finds out that -their- provider (or provider's provider) is what the anti-spam zealots want "silenced". Until that target complies with their arbitrary agenda (usually of the form "stop spamming", but this is not always true...see below), everyone else has to suffer with electronic mail blocks.

What's wrong with this? Everything.


First and foremost, the most often heard reason anti-spammers are so rabid about anti-spam is "it makes electronic mail unusable for average people". If this is true, then how does blocking innocent email help this situation? In fact, blacklisting innocents contributes to the problem. The hypocrisy here is so thick I doubt even a knife can cut it.

The dishonor of the practice of blacklists is amazing. Many naive internet mail administrators add blacklists like spamhaus "because they work to reduce spam". Lots of these sites have no idea that they are being cut off from legitimate email because of these machinations. If their customers really knew that they were cut off, I wonder how many would still buy service? Getting rid of spam is one thing, blocking that key business email that means $100K in sales is quite another.

Let's take this one step further. Person A buys email service from ISP X who is using Spamhaus to block spam email. Person A's daughter, whose income is very low due to being a student in college, buys email service from ISP Y (because it's cheap) who uses IAP S as their connectivity. ISP Y buys network from IAP S because it's cheap. Due to real life constraints, the only contact Person A has with their daughter is email.

IAP S suddenly gets put on the anti-spam master blacklist. The same day, Person A's daughter has a car accident. A roommate desperately tries to send email to Person A but it's blocked. Worse, it's blocked because these zealots have an ideological cause which is set up to be more important than a person's life. This is the height of dishonor.

The practice is quite criminal by many definitions and with criminals on all sides:

Any ISP that is blocked is told to "comply with our demands or be blacklisted" (a.k.a. extortion).

Attacking innocents in the name of their cause (a.k.a. terrorism).

Since the control of the blacklist is out of the hands of the service provider who subscribes to it, by law you must clearly state "random people may be blocked to your email box by other people who are not under our control" before selling "email services". I've never seen this stated on any ISP ad. (a.k.a false advertising)

Blacklisting ISPs is a good way of knocking them out of business (a.k.a restraint of trade)

If spam ever goes away, these organizations will also. Thus they have a vested interest in keeping spam alive (a.k.a playing both sides of the street)

Do note that the anti-spammers claim these practices are not criminal and will "reduce economic support for the 'spam friendly' ISPs". This claim is quite erroneous:

Fact: Spammer companies have far more money than most innocents.

Yep, to the tune of millions of dollars per month. SPAM is big business. Do you think that the income of one little ISP with 1000 customers is going to make any difference against the large income of a spam company? No! All that does is clear more bandwidth for the spammers to use, should the little ISP cave in and switch to another provider.

While there's no proof (that I'm aware of), it's not so far-fetched to open up questions of collusion between "the providers that are anti-spam" and the "anti-spam blacklists". Certain providers, to compete, may pay the blacklist groups lots of money to keep attacking innocents, which gets them more customers in the long run as ISPs fold because they can't afford the connectivity provided by the "anti-spam supporter" providers.

I've established some things here:

1. In my opinion, blacklists are bad.
2. The anti-spammers are resorting to clearly criminal activities to further their goals: extortion, restraint-of-trade, terrorism.
3. The effect the anti-spammers are trying to have by blocking innocents only works to destroy email connectivity, the cure is worse than the disease.

This brings me to my concluding point. The original complaint against spammers included accusations of being criminal. Most spammers are considered criminal. Yet look at the anti-spammers! In their undying eternal zeal to end spam, they have become just what they oppose! Criminals and email destroyers. Gee, isn't this what they call the spammers?

The aware person realizes that fighting something only makes it stronger. Indeed, when you see two people rabidly on one side or the other, it's very hard to distinguish the two. They almost appear to be the same person, willing to commit any atrocity for the sake of their ideology or economics. What more do I need to know?

So, in a roundabout way, that's why I don't participate. I've done my days of tilting at windmills. I've presented my pearls, but the swine didn't hear any of them. They've misrepresented my position countless times for their own agendas, failed to understand even the most basic of the concepts I've explained, and twisted what I've said to make me out to be something I am not. ("Spam supporter"

I have finally realized that it has less to do with the ability to understand, it's mostly that they are not willing to understand. So in that climate I should once again venture forth into that primal never-ending argumentia that is NANA?

No. I'm sorry. I have far better things to do.

Posted by: Bill | August 27, 2006 3:25 PM | Report abuse

The comments to this entry are closed.
