BusinessRx Community

Dedicated to the advancement of software, technology and the people who devote their lives to it.


BusinessRx Reading List

These blog entries are written by industry experts and leaders. We consider this content to be a good read for any software developer or web technologist.

April 2005 - Posts

  • Comment Spam - Scripts or Brute Force?

    I've always assumed that comment spammers are using scripts to spread their evil, evil comment spam.  My assumption is based on the following:

    1. Brute force comment spamming - actually visiting the site and entering a comment in by hand - is slow and inefficient.
    2. I personally know many bloggers who use CAPTCHAs on their site but leave commentAPI wide open, and their comment spam has plummeted to near zero.  CAPTCHAs, though, are no biggie if you are brute forcing the comment spam entry, so if CAPTCHAs are stopping people it must be because of screen-scraping type scripts.  (However, you'd think that it wouldn't be long before the bad guys smartened up and started using commentAPI to inject their spam.)

    However, I am certain that a sizable percentage of comment spam is injected through brute force means.  Some poor slob taking time out of his life to visit a blog and post a comment in the hopes of improving his site's pagerank.  And some of these comment spams are getting more clever, addressing other comments so as to appear valid, but hiding the spammy URL in the author's name portion.  For example, today a comment was added to my last blog entry by a Mr. Stephen Bauer, MD, who happens to be a noted Asperger specialist.  Why he was commenting on my blog, I'm not sure, but his comment was definitely on topic.  He said:

    I agree with "haacked". This topic cannot be stressed enough in today everchanging, fast-moving times. Andrew was dead-on with his MSDN example. That has hit me many times with them. Other culprits are the various "ASP" websites out there that change their URLs.

    Keep it real. Err, keep it the same!

    The problem (other than the fact the name being used is clearly a fake)?  The URL linked to from Stephen Bauer, MD points to a linkfarm site.  This is an example of comment spam.  In fact, I'd wager the last line - “Keep it real.  Err, keep it the same!” is a marker of sorts, that this spammer can use at a later date to see if I allowed such comment spam entries to exist on ScottOnWriting.NET.

    I detest comment spammers more so than email spammers.  Sure, the volume with email spam is astronomically higher since the spammers have perfected their email spamming trade, but by the same token, the anti-spam tools for email have caught up as well - SpamBayes automatically keeps several thousand spam emails per month out of my Inbox.  The comment spam will get worse as the spammers perfect their trade, I'm sure, but hopefully we'll see a similar rise in comment spam-fighting tools.
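An added example, not part of the original post: a moderation check that applies one rule to every submission channel and to every field that can carry a link, shown beside a body-only check that misses the author-URL trick described above. The blocklist, the channel labels and the sample comment are constructed for illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed blocklist; a real deployment would load a maintained list.
BLOCKED_HOSTS = {"linkfarm.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

@dataclass
class Comment:
    channel: str      # "form" or "commentapi" (hypothetical labels)
    author: str
    author_url: str
    body: str

def host_of(url: str) -> str:
    """Lower-cased host of a URL without a leading 'www.'; '' if unparseable."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url          # author URL fields often omit the scheme
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def blocked(host: str) -> bool:
    """True if the host or any parent domain is on the blocklist."""
    parts = host.split(".")
    return any(".".join(parts[i:]) in BLOCKED_HOSTS for i in range(len(parts)))

def body_only_filter(c: Comment) -> str:
    """Weak check: inspects links in the comment body only."""
    urls = URL_RE.findall(c.body)
    return "hold" if any(blocked(host_of(u)) for u in urls) else "publish"

def all_fields_filter(c: Comment) -> str:
    """Same rule for every channel, over every field that can carry a link."""
    urls = URL_RE.findall(c.author) + URL_RE.findall(c.body)
    if c.author_url.strip():
        urls.append(c.author_url)
    return "hold" if any(blocked(host_of(u)) for u in urls) else "publish"

# Constructed sample: on-topic body, link only in the author URL field.
SAMPLE = Comment("form", "A. Commenter, MD", "http://www.linkfarm.example/pills",
                 'I agree with "haacked". Keep it real. Err, keep it the same!')
```

Because `all_fields_filter` never looks at `channel`, a comment posted through the API gets the same decision as one typed into the form.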
