Nifty little bit of PHP code here to show your MT-Blacklist stats on the front page of your blog. Probably not going to do it myself, but thought it worth passing along.

Jay Allen has resurfaced, noting again his super-saturation with non-MT-Blacklist activities (not least of which is moving from Budapest to California). He does point out something re MT-B I'd not picked up on before (bolding mine):

Lee's comment reminded me that a major change from MT-Blacklist v1 to v2 may not be obvious to some users. Despite the history and name of MT-Blacklist, I have never been completely happy with a blacklist solution. I have said on many occasions that a permanent, ever-growing and central blacklist is not the correct or final solution. It is for this reason that I introduced Max URL and old entry comment moderation.

These two features allow you to force into comment moderation (the comment awaits the blog owner's approval) any post that (a) has more than X links inside of it, or (b) is on a comment older than Y days (and hasn't had a comment in Z days). I have both of these features turned on here at DDtB (and actually had one of my own comments moderated the other day for excess URLs).

By themselves, these two features will keep a huge majority of spam off of your site without the need for a single entry in your blacklist.

Yup.

Since the spam is force moderated and never appears on your site, you don't even need to worry about de-spamming until you feel like going in and batch deleting all of them via the Comments tab in the admin interface. Or you can do the first step of the despam process using the link in the notification email, to delete the comment and send in a report to the Clearinghouse, but skip the second step of adding the domain to your blacklist entirely.

I'm not sure I agree with this last point. While blacklisting URLs cannot be the only solution, it's a quick and valuable one, and I have no qualms about adding that sort of thing to my own blacklist.

Btw, while you can batch delete comments in the new Comments tab in MT3, you can also (via a tiny little link at the bottom of that page) treat them as spam and delete/report them that way, too. You still need to explicitly identify which of them are spam (and which might be comments moderated inadvertently or for other reasons).

Essentially, the only time you really need to de-spam is when spam evades both of the above measures or if you are getting massively attacked by a certain spammer and want to blacklist them just to kill off their submissions entirely. These actively and recently spammed domains are really now the only ones you need on your blacklist.

I'm not sure that "old" domains can be so easily discarded (if that becomes the standard, then the Bad Guys will just recreate their old domains).

What I still miss is a "bulk despam" function like MT-B v1 had (apply the blacklist to the last X entries). Jay noted, in response to my question about this, that it's a feature still on the list of things to do, but the move (and other issues) are still keeping him from it. I look forward to the function being added, and am still (looking at my blacklist log) thankful I have this invaluable tool.

Jay, who's now going to work for SixApart, also commented, re MT licensing:

However, I will point out that I know of some people who believe that the licenses require them to pay when in fact, they do not. In other words, there is some leftover misinformation from the whole licensing fiasco.

If you run a non-profit multi-author blog (or any type that requires payment) you should contact 6A to get better (read: perhaps $0) licensing terms. They've asked people to do that because they aren't in the business of milking those who are doing good and interesting things but can't pay.

Something to consider.

Filed under :: Blogging :: Spam
Link · Print · Edit · TR/G

"I’m not sure I agree with this last point. While blacklisting URLs cannot be the only solution, it’s a quick and valuable one, and I have no qualms about adding that sort of thing to my own blacklist"

I was simply illustrating that the blacklist isn't really necessary anymore except for completely blocking out domains. The blacklist is still useful however.

"I’m not sure that “old” domains can be so easily discarded (if that becomes the standard, then the Bad Guys will just recreate their old domains)."

And what? Post them to old entries because those are the entries that give them a higher page rank. In that case, they also get moderated without any intervention from you. Do you see what I mean?

Thanks for the comments, Dave.

De nada. And thanks for commenting here.

I agree that the old-post moderation and multi-URL moderation are very valuable items, and do catch for me the majority of comment spam. They also let some through -- comment spam with few URLs (most of them), and comment spam on recent comments. Both seem straightforward tactics for spammers to adopt. In which case, domain banning still remains the primary tool in the tool kit.

That addresses the point about resurrecting old domains. If the primary lines of defense can be bypassed, they will be, and then we needs must ban those domains again.

This assumes that domains need to be kept meaningful. If we reach the point where these sites (or the spammers) rely on suggestive commenter IDs and surrounding text to point the way to www.xyz12a93b.com, then domain banning is going to become as problematic as Bayesian filtering has become for some e-mail spam.

Regardless, we'd be in several orders of magnitude greater worlds of hurt without MT-Blacklist, regardless of the tactics used.