I haven’t been writing much here lately, but others have.
Or rather: They’ve tried.
Some time ago I turned off trackbacks and pingbacks completely, and changed the options for comments to require moderation before anything went online.
That hasn’t stopped the spammers though — I get at least ten mails about spam comments each day, and frankly that’s just not fun.
I should be upgrading to the lastest version of WordPress, as that includes the clever Akismet plugin for catching spam, which seems to work quite well on the other blogs I run. Also, I really should finish the plugin that leverages my social network through FOAF, that’d make for a really great combination, methinks.
Instead I’ve activated a plugin that turns off comments and pings within 30 days of the posting date.
I’m sorry for the inconvience for those who wish to comment on older posts — for now it has to be like that (but do send me a mail if you’d like to comment anyway).
Spam is very annoying, that’s true. I’ve also truned off trackbacks for now and try to keep up with the spam comments.
There has to be a better way than that though – esp. for trackbacks. They seemed like a good idea (before spammers started mass us of them) and could have enabled distributed blog discussions.
Can we think of a way to secure trackbacks (and comments of course) against spam?
I think some of the more recent implementations of e.g. trackback at least do some link-verification (does the linking page contain a link to the trackback’ed page), so that’s probably another good reason for upgrading. :)
Other than that, I don’t see how anything but whitelisting will work in the long run.
A friend was thinking how to make trackbacks (and comments) better and he came up with a plan of 3 steps:
1) use a central spammers database
2) create a local spammers database (add addresses based on some local heuristics like repeated submissions within a time frame, …)
3) do link-verification
The 3rd step is what you are mentioning here and what I’ve been using for some time for ensuring referrers are legitimate.
But I am not sure that a post doing trackback _must_ be linking to the post it is trackback-ing to (or a simple pingback would be enough) in 100% of cases. That’s the difference from referrers where you know there must be a link.
This can’t be helped much though – if we don’t have some way of automatic verification we end up with loads of spam. Whitelisting might help here indeed – if you whitelist those most likely to trackback, you should be ok. :)
You’re right, an actual link isn’t strictly necessary for a trackback, it’s only really a social convention (although a fine one, methinks).
With regards to whitelisting: It’s not really because I like it — it hinders free conversation — it’s just the only practical way out, at the moment at least.
The three steps sound quite sane.
I think that Spam comments can be kept on moderation and if there are too many links that are provided Then just clear off that. Keep that comment if it’s relevant to your posts!