Intro and Spam

Joseph Scott

May 13, 2008, 4:12:14 PM
to CommentBack
To start with, a quick intro. I work for Automattic and do
development work on WordPress/WordPress.com. I have an interest in
the XML-RPC bits and features in WordPress, which I enjoy working on.

Now on to the spam issue.

The potential for spam should be a top issue for something like
CommentBack. There's no point in having this if you've got to run all
of the data from a CommentBack through a spam check like Akismet or
Defensio. So any potential solution should be held to the high
standard of preventing the spam in the first place.

With that said, I'm interested to see what suggestions there are for
adjusting the CommentBack process to prevent spam.

Mic

May 13, 2008, 5:53:22 PM
to CommentBack
> With that said, I'm interested to see what suggestions there are for
> adjusting the CommentBack process to prevent spam.

Welcome Joseph and thanks for your interest in this project.

IMHO a way to reduce spam could be to certify the CommentBack sender.
A thing you can't do with an email.
At first I was thinking about a "manual" claiming and password
setting that a blog admin has to do for every site sending
CommentBack, but this is really not an efficient method.

What about an automatic handshake between the two sites?
Let me give an example.

Friendfeed needs to send to my blog a CommentBack, because a user
posted a link to a post of mine, with a comment.
This is the first time.
Friendfeed asks my blog using a given url (to be defined in the
protocol) for a password string and stores it in its database for
future use.
After this the blog checks if the pretending-to-be-Friendfeed is
really Friendfeed, connecting to a given url (also this to be defined
in the protocol) at that host (friendfeed.com). If the pretending-to-
be-Friendfeed responds with the right string, my blog saves that
string as valid for that host and also Friendfeed saves it as valid
for my blog.

Given that, every CommentBack sent by Friendfeed to my blog using that
password is "certified" as a real Friendfeed comment.

If I'm not wrong a spammer can't spoof the Friendfeed identity,
because even if he pretends to be friendfeed.com the blog password-
check fails, because the real Friendfeed has not saved that password
in the first step.

Also, this certifying system gives the ability to blacklist a site, or
a user from that site, on the blog-side, if needed.
The communication could also be encrypted or hashed in some way.

But the second problem is: can you trust the third-party antispam
system? So, a comment received from a certified source can be spam?
(For me no to the first and yes to the second)
Does it make sense to use a spam check like Akismet in this second stage?
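
The handshake described in the post above, sketched as an added example that is not part of the thread or of the CommentBack specification draft. An in-memory NETWORK dict stands in for HTTP, and the host names, class names and method names are assumptions made for illustration.

```python
import hmac, secrets

NETWORK = {}  # constructed stand-in for HTTP: hostname -> site object

class Sender:
    def __init__(self, host):
        self.host, self.tokens = host, {}   # tokens: blog host -> string
        NETWORK[host] = self
    def register_with(self, blog_host):
        blog = NETWORK[blog_host]
        # Step 1: ask the blog for a password string and store it.
        self.tokens[blog_host] = blog.issue_token(self.host)
        # Step 2: the blog calls back to verify the claimed host.
        return blog.confirm(self.host)
    def verify_endpoint(self, blog_host):
        return self.tokens.get(blog_host)   # what we stored for that blog
    def send(self, blog_host, text):
        return NETWORK[blog_host].receive(self.host, self.tokens.get(blog_host), text)

class Blog:
    def __init__(self, host):
        self.host, self.pending, self.valid = host, {}, {}
        NETWORK[host] = self
    def issue_token(self, claimed_host):
        token = secrets.token_urlsafe(32)
        self.pending[claimed_host] = token  # unverified until confirm()
        return token
    def confirm(self, claimed_host):
        issued = self.pending.pop(claimed_host, None)
        site = NETWORK.get(claimed_host)    # resolve the host name ourselves
        echoed = site.verify_endpoint(self.host) if site else None
        if issued and echoed and hmac.compare_digest(issued, echoed):
            self.valid[claimed_host] = issued
            return True
        return False
    def receive(self, sender_host, token, text):
        known = self.valid.get(sender_host)
        return bool(known and token and hmac.compare_digest(known, token))

def demo():
    blog, ff = Blog("blog.example"), Sender("friendfeed.example")
    registered = ff.register_with("blog.example")
    accepted = ff.send("blog.example", "nice post")
    # A spoofer claims to be friendfeed.example and gets its own string,
    # but the callback reaches the real site, which never stored it.
    forged = blog.issue_token("friendfeed.example")
    spoof_confirmed = blog.confirm("friendfeed.example")
    spoof_accepted = blog.receive("friendfeed.example", forged, "spam")
    return registered, accepted, spoof_confirmed, spoof_accepted
```

Keeping unverified strings in pending, separate from valid, means a forged request cannot overwrite a string that the real sender has already confirmed.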

Mic

Jun 7, 2008, 5:22:35 AM
to CommentBack
I've updated the specification draft adding a first antispam system,
based on what I've written in my previous post.
Just to have a more detailed document to discuss on for everyone.

Mic