This blog is retired.


WordPress spam - III. Trackbacks.

From Wikipedia:

A Trackback is a method for Web authors to request notification when somebody links to one of their documents. … Some individuals or companies have abused the TrackBack feature to insert spam links on some blogs. This is similar to comment spam but avoids some of the safeguards designed to stop the latter practice. As a result, TrackBack spam filters similar to those implemented against comment spam now exist in many weblog publishing systems. Many blogs have stopped using trackbacks because dealing with spam became too burdensome.

I’ve already published an idea how to resurrect trackbacks: trackbacks should be performed through an intermediate, not directly. (For details, read this post, “decline and fall of the trackbacks; rise and resurrection of the trackbacks”.) Unfortunately, such protection depends on a third party.

And here is yet another idea, which doesn’t require an external service.

Adding a human to the trackbacks

* The blog software doesn’t publish a trackback immediately. Instead, it puts the trackback to a queue.

* Anyone (usually the trackback’s author) can view the queue and approve the trackback.

* If the trackback isn’t approved in K hours, it’s automatically deleted.

Why does this approach work?

Well, it’s obvious why the workflow stops the spam. The spam bots just don’t expect the confirmation step. And even if the programmers improve the bots, the blog owner can put a CAPTCHA on the confirmation page.

But will people confirm theirs trackbacks? I don’t know. Hard to say without practical experience. In my opinion, they will do it. A trackback entry is a sort of benefit for the commenter, therefore I expect people will claim the benefit.