Why blog and comment spam isn't going away
Every one of us who opens up a website to public conversation faces a daily annoyance: blog and comment spammers. Cleaning up after them becomes a morning ritual.
Google, a mix of scammers and legitimate businesses, and global economic inequities all play a role in creating a system that guarantees this problem will not go away any time soon.
The result is a mix of overt and covert spam. Overt spam is easy to spot; it's usually just a set of links to e-commerce sites, often peddling fake merchandise. Covert spam is disguised. Here's an example:
Several characteristics stand out:
- It's not from a bot or a script, but was posted by a human. Registration systems and CAPTCHA challenges are pretty good at stopping the bots. After you take those measures, you're left with posts like this.
- It's awkward. English is apparently not the writer's native tongue.
- It's generic, not related to the content. This can be tricky, because the manual spammers have learned to cut and paste phrases from content and from other comments.
- The links point to a commercial website. This is where Google comes into play. The point of this spam isn't to get your users to click. The point is to steal the reputation of your site. Google's algorithm values inbound links, especially if they are from "respected" websites that already have good Google rankings. These vultures are gaming the system to boost their Google search rankings.
- It was posted at an odd early-morning hour, a tip that if you do a bit of detective work with your logfile info, you'll probably trace the posting back to India, Turkey, Romania, Russia or China.
So how does this happen? This morning I ran across a bit of spam in which a spam factory was looking to hire spammers:
I tracked these guys down. It's an IT company in India, offering to pay 5 Indian rupees -- about 11 cents in US money -- for every "ad" posted on "free classifieds" sites around the world.
But it's not just Craigslist that they're targeting; in their Frequently Asked Questions section they admit that forums and blogs are the target, too:
And they're offering a vague "special bonus" if the ads are posted "in foreign countries:"
I did a little math. The ad claims a range of 10,000 to 25,000 INR per month; that's $220 to $550. The website of this company claims up to 45,000 INR, which is about $1,000.
India has people riding around in Bentleys and Rolls-Royces, and I saw a lot of Rover and Toyota SUVs on my visit. But it also has millions living in brutal poverty and millions more barely above that.
Let's say you're a highly motivated, English-speaking college student with a few basic computer skills. How many spam ads would you have to post to live at that magical 45,000-rupee level? With a 40-hour work week, it would be nearly one ad every sixty seconds. Hard work, actually. But there are millions undoubtedly ready to try it, and if the spam factory simply fails to deliver the promised money order, there are millions more ready to try next week.
Similar conditions exist in Romania, the former Soviet countries, China and many other places around the globe.
The cash that feeds this global spam engine comes from a number of sources. In 2003, when the US housing bubble was running full steam and mortgage bankers were lining up the bad loans that set up our current economic recession, MSNBC followed the money trail of some e-mail spammers and found that it led back to "big-name companies like Ameriquest, Quicken Loans, and LoanWeb." Mortgage lead-generation fees and commissions were ultimately funding the trash in your inbox.
But there are other, more shady sources, ranging from U.S. companies selling term papers to lazy students willing to cheat, to scammers selling counterfeit Rolex watches and fake prescription drugs, technothieves pushing spyware onto your PC, and pump-and-dump stock market frauds.
The CAN-SPAM act gave the US government some tools for cracking down on email spam, and people like Alan Ralsky have been sent to prison. But the law doesn't apply to Web sites and social networks. And while the US government isn't shy about sticking its nose into other countries' business when oil is involved, you'd better not hold your breath waiting for it do something about offshore spamming.