I’ve added a simple math question to the comments. I don’t like inconveniencing innocent people to stop the guilty, just in principle, but I was getting really tired of deleting all the spam from my moderation queue. If you can’t figure out the correct answer to the math question, your comment doesn’t even make it into the queue now. But when you fail, it will tell you the correct answer, so it’s really more of a literacy test than a math test. If you’re able to read, you should have no trouble submitting a comment. And if you’re not able to read, well, you should go learn instead of submitting comments here.


Spam (unsolicited commercial email) is a major problem in general, attracting various people to suggest solutions of all sorts: technical, legal, social, etc.. But few of these solutions get to the root of the problem: spam remains profitable. Most of the purchases intiated via spam are done in anonymity, so unfortunately we can’t do much to prevent people from buying various products and services from spam peddlers.

Stock spam, emails encouraging people to invest in a specific worthless stock, is on the rise, and the BBC has a story on why. Short story: quick profit. I wonder if stock spam doesn’t offer unique opportunities to solve the problem at the root. First, can’t we track down the people buying these stocks through public financial records, and call them out for public shaming? And second, I don’t know much about stock trading, but couldn’t we short-sell these stocks, reduce their value, reduce the profit for stock spammers, and possibly even take a bit of profit in the process?

None of this will work for other types of spam, but am I missing some reason why these methods won’t work to combat stock spam?


Some people think email obfuscation is a good way to fight spam, that it's somehow more difficult for spammers to understand "account at domain dot com" or "account&64;domain.com" than "account@domain.com". These people are wrong. They will often readily admit that they don’t think email obfuscation will stop all spam, but it still makes them feel like they’re doing something in the war on drugs terrorism spam. Here's what they're doing: in addition to making email more difficult for legitimate uses, they're actually making it easier for spammers.

Google returns 27 million results for "* at * dot com". That's 27 million email addresses waiting to be spammed. Google doesn’t allow you to search for the "@" sign, so that’s 27 million email addresses that wouldn’t be available on Google if they were not obfuscated. Email obfuscation not only doesn’t hurt spammers — it actually helps them. Where it doesn’t make it easier, it acts as a placebo, making people feel more comfortable and complacent living in a world of spam. Like everything else, if you don’t want your email address publicly-available, don’t put it on the public web. But if we want to be able to publish email addresses on the web, we can’t continue this half-hearted war on spam, hiding under our beds of obfuscation and hoping they won’t find us.


I just sent the following to an email list that has recently been discussing various anti-spam technologies:

Spam is fundamentally a social problem, not a technological problem. No amount of clever technology can end spam as long as there are still significant numbers of people out there who indicate through their purchases that they want to receive spam. The BBC reports: According to a survey conducted by security firm Mirapoint and market research company the Radicati Group, nearly a third of e-mail users have clicked on links in spam messages.

Imagine it costs $100 to send a million spam messages (though it doesn't cost nearly that much), and each message is selling a product with a $20 markup. Only six of those million messages need to get through to a willing consumer to keep spam profitable. And those six people will never be using Bayesian filters or whatever other nifty tools we can come up with, because they don't even recognize a problem with spam. And those six people will also never self-identify, because they are embarrassed about their purchases.

So spammers can only reach them through mass emailing, and the rest of us suffer the consequences. I don't know of any current anti-spam technology that does anything to deal with those six people.

I'd like to see more economists and sociologists look at changing the factors that make spam the most desirable way to purchase certain products. Why do people buy propecia via spam rather than at their local pharmacy, and what could be done to change that? I think that's a more useful question to answer than how to quickly recognize "v14gr4" as a variant of "viagra."


You may notice I updated the weblog a bit. The URLs are now more readable, hierarchical, guessable, and generally more useful. You can go to a year, month, day, or title. Right now the year will auto-redirect to the first month of that year. I may later figure out something useful to show for a whole year's worth of posts. The month will show a calendar, and the day will show the day's posts if there are more than one, or redirect to the post if there is only one.

On the back end, everything is object oriented, and commenting all goes through a single commment page, both of which will make future changes easier. I removed trackbacks, as I don't see them ever becoming popular outside of geek circles. I hope to eventually allow links in comments to make up for the lack of trackback, but I'll need to implement some sort of moderation system before I do that. Right now, I get zero comment spam here because I've never allowed links in comments, so I don't show up on comment spammers' radars. But my experience with other weblogs suggests the annoyance of moderating comment spam is worth it for the increased connections of links to other sites.

Speaking of, I also added links for similar posts on the weblog as well as similar sites elsewhere, both based on tags. I added tags to the weblog posts a while back, though I haven't been tagging enough posts. I've also been importing my del.icio.us bookmarks pretty much since I started using del.icio.us. I'll have to go through and tag more of the old posts, as well as improve the tag search so it's based on relevance rather than date.

Let me know if you see anything broken or if you have any ideas about further improvements.