Spam
Blacklists: What they are and how to avoid them
If you thought that anti-spam protection for your incoming mail would alleviate your e-mail problems forever, think again – another issue that can cause more than a few headaches is DNS BlackLists (DNSBLs), sometimes also called RBLs (Realtime Black Lists). DNSBLs are not a new idea, but their usage is increasing rapidly. In short, a DNSBL is an innovative use of DNS to provide access to lists of IP addresses (or other info). These lists are created on varying criteria -- for example, the IP address was caught sending spam, or it's owned by a company known for supporting/sending spam. Or perhaps the IP address hosts a mailserver not following the rules, or a web/proxy server that has been compromised in such a way that it could be used to send spam. In this way, common sources of spam can be compiled into these lists and checked by a mailserver before accepting mail. If you show up in the blacklist, your mail is rejected.
As the spam-war has escalated, DNSBLs have become a double-edged sword. They have probably saved SMTP from being utterly inundated with spam to the point that it's useless. However, blacklists have also been forced to get increasingly aggressive. It's not uncommon for an organization to find itself blacklisted, even if it didn't overtly send spam (that it knows of). If your organization becomes the unlucky member of a DNSBL, you'll find that most (if not all) of your email is rejected by the outside world because you're now considered a spammer. The worst part is that you may have no idea why you were blacklisted and no idea how to get de-listed!
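The lookup a mailserver performs against a DNSBL, and that you can run against your own outbound IP to see whether it is listed, as an added example that is not code from the original post. It follows the RFC 5782 conventions (reversed octets or IPv6 nibbles, 127.0.0.0/8 answers); the zone names, return-code meanings and DNS answers below are constructed for illustration.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
# Return-code meanings differ per list; this mapping is a constructed sample.
SAMPLE_CODES = {"127.0.0.2": "spam source", "127.0.0.4": "compromised host/open proxy"}

def dnsbl_query_name(ip, zone):
    """Build the DNS name that is looked up to test `ip` against `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                   # 192.0.2.99 -> 99.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # 32 reversed hex nibbles
    return ".".join(labels) + "." + zone.strip(".")

def system_resolve(name):
    """A-record lookup via the system resolver; NXDOMAIN (not listed) -> []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def check_ip(ip, zones, resolve=system_resolve):
    """Return {zone: [reasons]} for every zone in `zones` that lists `ip`."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Only 127.0.0.0/8 answers mean "listed". Any other address (for
        # example a parked or wildcarded zone) is ignored, not treated as a hit.
        listed = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
        if listed:
            hits[zone] = [SAMPLE_CODES.get(a, "listed (code %s)" % a) for a in listed]
    return hits

# Constructed DNS answers standing in for real blacklists, so this runs offline.
FAKE_DNS = {
    "99.2.0.192.bl.example.org": ["127.0.0.2"],
    "99.2.0.192.parked.example.net": ["203.0.113.7"],
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    zones = ["bl.example.org", "parked.example.net", "clean.example.com"]
    print(check_ip("192.0.2.99", zones, fake_resolve))
```

To check a real address, call `check_ip` with the default resolver and the zone names of the blacklists you care about.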
BMW.de De-listed
Eliminating (Most) Trackback Spam
Well, wordverify has taken care of almost all comment spam, except for human spammers, of course.
Advantage Consulting Services: Spammers
Earlier today, I posted about spam received in a blog comment that was clearly posted by an actual person. In that post, I mentioned tracking down (not hard in this case) and calling the company that appeared to be behind the spam, Advantage Consulting Services. Surprisingly, "V. Patel" called me back.
I told him I was interested in their company's product and started off just asking him questions about SEO in general, followed by some leading questions about how linking might affect pagerank (hint hint). CentreSource deals quite a bit with SEO, though with legitimate "white-hat" vendors (naturally), so I had a fair idea of what I could ask to probe for nefarious practices, but he pretty much kept it legit. Eventually I cut to the chase and explained why I was really calling: I asked him if he spammed the blog. To my further surprise, he said yes, and that he was "sorry". Yeah, well, I'm sorry too, pal.
The company name is Advantage Consulting Services (www.acsseo.com redirects to this URL). The website is actually a nice-looking website, and it comes across as being a legitimate SEO company (of which there are many). What's even funnier is that they have an entire section devoted to ethics, where they note:
We recognize that your website represents both your integrity and ours - and we strive to give you the best results while maintaining the highest of industry principles. We use industry best practices and ethical standards to ensure that your search engine optimization and marketing processes are achieved through honest means.
It doesn't get much more ironic than that, folks. "Your Integrity Is Your Integrity", they say at the top. I wonder how "Abrams California Health Insurance" might feel about the "ethics" involved in Advantage Consulting Services spamming on their behalf. Unsurprisingly, nowhere in their Processes page do they mention comment spamming.
It'd be funny if it wasn't so infuriating.
The transcript of our conversation is below. It's not terribly exciting -- I was admirable in keeping my composure while finding ways at the end to say "spam is bad" without swearing. Ladies and gentlemen, meet the new friendly face of the comment-spam inundating your blog, "V. Patel":
human spam
So, since I wrote and implemented wordverify, I have only had two comment spams slip by. They were both human-driven. I could see a clear path of them coming in to the site, going to a post, submitting the comment, getting the "Please enter the security word" failure, going back, and then successfully posting the comment.
It appears the reality of human-driven comment-spam is upon us. The most recent one I received is below:
Author: Colorado Health Insurance
E-mail: vpatel@acsseo.com
Wordpress 2.0
Wordpress 2.0 has been released. I've gone ahead and upgraded the Centresource Blog and all appears well. The only problem I've noticed was with the feedburner redirection plugin we use to redirect RSS requests to Feedburner. I've fixed this with some manual .htaccess redirections for now.
Anti-Comment-Spam Plugin
The ol' CentreSource Blog was the target of an increased level of blacklist-poisoning/Joe-Job comment spam all week (on the order of 20-30 a day), and I got a little fed up.
So, I wrote a Wordpress plugin with a simple yet effective goal against automated comment-spam: the requiring of a "code word" in the comment form posting.
You can get the plugin, and a more detailed explanation of how it works here.
Comment Spam JoeJob Example
Ask and ye shall receive. Here's an example of a blacklist poisoning comment-spam attempt we just got tonight:
Author : Charles Ford (IP: 196.7.0.160 , ge1-0.cc1.cpt1.alter.net)
E-mail : Joshua@internet.com
URI : http://www.av.com
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=196.7.0.160
Comment:
Very informative site. Good job. thins that excited you at 14:
http://www.adobe.com , <a href="http://www.yahoo.co.uk" rel="nofollow">thins
that excited you at 14</a> , <a href="http://www.panasonic.com"
Comment Spam Blacklist Poisoning
A new trend in comment/referer spam is on the rise -- or on the low, I should say, since it is low indeed.
Typically, when I get a comment spam that slips through our .htaccess checks and wpblacklist, I usually have to go to the wpblacklist options area and manually search for the URL they spammed and add the offending IP, host regex, etc.
Tracking E-mail Senders
Someone on this thread asks the following question:
Your article was helpful. Thank you very much. I wanted to know how to track the geo-location from where an email was sent. Is this possible?
The short answer is "maybe, but probably not".
There are basically two factors playing into whether or not you can track down an e-mail to a physical location of origin. The first is "Can I track down the origin IP address that the e-mail originated at?" The second is "Can I associate that IP address with the physical location of the sender?"
So, to answer these questions in order: