Subscribers to my RSS comments feed may have noticed a recent increase in the number of “obvious” spams getting through. I clean them up quickly, but they sometimes get into the RSS feed.<\/p>\n
I chased down why these spams were getting through the highly-regarded SpamKarma 2.2<\/a> plugin. SpamKarma has a filter called the Snowball filter. Looking at the code, it seems to have two key pieces of functionality. <\/p>\n The first is based on the realisation that if you have provided a legitimate comment before, then this comment is probably legitimate, but if you have spammed before then this comment is probably spam.<\/p>\n The second is based on the realisation that if you have sent a lot of comments recently, and the first few get through, but a later one is detected as spam, then the earlier ones are more likely to be spam than was first thought. The bad spam karma “snowballs”, and is applied retroactively. To quote a section of the code, if it detects one of the comments is spam, it will “unleash all minions of Hell on that bad boy’s company…”<\/p>\n The trouble is that the detection of the comment author is a little naive. It uses a number of factors including the email address, the IP address and the domain name of the URL provided by the commenter. It is the latter that is the problem. The Snowball filter gives too much credence to matching domain names.<\/p>\n