Learning Exercise: Blog Comments

This is the first blog I’ve had where I have a moderated comment queue, and it has immediately become apparent why this is so important.  Spammers are incredibly clever in their efforts to subvert comment mechanisms and distribute their payloads.  So far I’ve had a large number of seemingly positive comments (always nice to see!) that have turned out to have a link either in the comment itself or – this is the one that really struck me as clever – in the user’s personal website link.

There is a recurring theme in computer security circles that in the coming years we’re likely going to reach a point where spam becomes nearly or completely indistinguishable from ordinary email by any reasonable means.  Whenever I see a new spam technique I wonder again how far we are from that point.  It’s still a big gap right now, but I already feel kind of bad for someone who is trying to run a website without a strong feel for shady web dealings.