When I launched this blog 2 years ago, it was running Akismet for Drupal, and recently changed to Mollom, one of Dries‘ startup company/project. It has been effective (except for the last few days). Mollom is sort-of similar to Akismet that it (1) uses a classifier to determine the likeliness of incoming comment being a spam (2) acts as a centralised database to collaboratively identify spams. Mollom does a few extra things when the comment is in a “not-so-sure” state, but discussing this would be beyond the scope of this blog post.

Another interesting feature for Mollom is its Flex based statistics panel, showing the number of spams verses the number of legitimate comments. This is mine over the last 12 days:

As you can see the ratio between noise and signal is huge — there are many more spams than real comments. By the way, even for many real comments I am still not so sure about their legitimacy especially those one liner generic comments. As you can see there was a big jump today, because quite a few spams slipped through.

Although the ratio seems to be inline with most studies online, it still surprises me, when I compare it with the SNR of my email spams. I am running my main MTA at home with Postfix 2.4, and spams are filtered with DSPAM, a fast and light-weight email classification system that yields pretty good result (99.12% currently for my account). Here is the analysis graph over the same period of time (generated by dspam-web).

As you can see from the graph — there are only around 20% more email spams than legitimate emails! Not huge difference in the case of this blog’s comment vs. spams.

Now, do we actually get relatively less email spams than comment spams? Not really. But what we do have is better email-spam fighting techniques that block out most email spams before they reach the classifying system (DSPAM in this case). Therefore what DSPAM gets is already a filtered subset of all the incoming email spams. A few techniques deployed:

• Greylisting (see my previous article on this subject). I actually don’t put greylisting on my primary MX anymore due to undesirable delay. However I found by putting greylisting on my secondary MX it is just about as effective, as most spambots pick the last MX entry in DNS to send spam to.
• DNS-related filtering. For example ensuring sender has a FQDN, and a valid hostname, etc. I am surprised to see how many spams are actually filled with invalid sender addresses.

That’s about it, but many people I know also employ RBL, domain-key, etc. At least in my case they have effectively reduced the work for the classifier, which also result less spam getting into my INBOX at the end.

There gotta be a better way to fight comment spams — something between the web server and the actual application that filters out the obvious spams. Bad-Behavior? Mod_Security? They also increase undesirable false negatives though.

Any more thoughts?