GoogleIt Mail IT Print IT PermaLinkA Common Approach to Dealing With Comment Spam In Domino-Based Blogs
11:16:21 PM

I couldn't possibly link to all the articles that people have posted about comment spam recently. The list just goes on and on, and on, and on, and on! OK... I guess I can link to them all, but that's just from the "This Week" folder in my bloggregator database. I've implemented Chris' fix which appears to be effective, but I feel pretty safe in adding for now to that.

It's good that people are talking about this, and I want to put three thoughts into the discussion.

Update: Earlier today, Rocky posted a comment in a thread in his blog with a thought very similar to what follows.

  • If we have learned anything from the history of email spam, it is that spammers are smart and relentless. Whatever countermeasures we devise, they will find ways to overcome them.

  • The implication of the above is that fighting spam is an arms race, in which one side tries to use technical means to raise the costs for the other side to the point where economics dictates that the other side can not continue the fight; but the other side uses technology, too, to reduce their costs... and we do not have any inherent advantage in technology skills.

  • The only advantage that we have is in our numbers, and an effective way to leverage that advantage is by drawing on our numbers to create many different anti-spam countermeasures.

My point is that we should not spend much time debating which particular CAPTCHA technique is best. Instead, we should make sure that there is a wide variety of techniques to choose from. I am convinced that spammers can overcome any single technical barrier no matter how high we make it, but if we throw lots of different barriers at them I believe we can overwhelm them.

I therefore call on the creators of the various blog templates for Domino to cooperate and create a standard subform interface for plug-in CAPTCHA implementations. Anyone who comes up with a potential technique should be able to implement a subform that conforms to the standard, add the subform (and associated resources) to either a Blogsphere-based or DX-based blog, enter the name of the subform into a configuration document, and that's it. The standard may be nothing more than a single agreed-upon name for a computed field that determines whether or not the CPATCHA test was passed; or it might be more. (I'll leave it to the developers to work out the necessary details.) So long as a subform conforms to the standard (and all necessary resources are in place), the blog template takes care of the rest. At the very least, it brings in the subform in an appropriate place so that it will generate its UI at an apporpriate portion of the response form, and it inspects a standard field [e.g., @If(isHuman = @True;...)] that was set by the subform code when the form is submitted in order to determine whether or not to accept the post.

The advantage of a standard interface is, of course, that any CAPTCHA implementation written for Blogsphere works in DX-based blogs and vice-versa, which means that we all have more techniques available for use. Ideally, what I'd like to see is a library of many different CAPTCHA implementations, and the ability to configure several of them in a single blog simultaneously so that a computed subform can make a random selection. I'm convinced that if spammers need to script solutions to many differently programmed CAPTCHA tests in order to effectively attack a single site, we really can get ahead -- and stay ahead -- in the arms race against comment spam.

This page has been accessed 392 times. .
Comments :v

1. Ben Langhinrichs05/31/2006 02:35:56 AM

Excellent idea!

2. Keith Strickland05/31/2006 10:02:07 AM

Why not go with something like this:


I've used the spam-karma one on my old wordpress blog (hopefully I'll get it back running soon ) and it's VERY effective without the use of a captcha. I don't know the logic behind it but it does work very effectively.


3. Rob McDonagh05/31/2006 10:26:03 AM

Brilliant suggestion. I hope Dec and Steve take you up on it. Then the rest of us could kick in with our own individual CAPTCHA designs and we could build up a whole library of techniques. That'd be fantastic.

4. Richard Schwartz05/31/2006 10:53:56 AM

@Ben: Thanks.

@Keith: I certainly don't rule that out, but it looks like these are PHP plugins. If someone builds the interface so that a Domino form or agent can call that code, great! And when it's done, I say package it up as a subform and whatever other resources are needed to go with it, and make it conform to the standard interface so that it can be dropped into Blogsphere or DX, or any other template that adopts the interface.

5. Ray06/04/2006 01:26:33 PM


Why not just activate authentication? Domino is very good at authentication to almost any directory. That will ensure no more anonymous entries to cause flame issues and although it may not stop spam completely it would make it much easier to trap.

I raised this with Ed internally with a view to 7.02 with Steve's template built in. It looks like we may get another license model for Blog/Wiki Domino Web Servers. This is not confirmed yet but being discussed due to the overwhelming comment spam issues out there. This may hover around the 1000 Dollar mark so if anybody has input that will help the team create the best possible model then now is the chance to make constructive suggestions!

Since I have taken anonymous of my blogs I have not received any more spam...or comments Authentications seem a double edge sword really.

6. Richard Schwartz06/04/2006 07:10:58 PM

Hmmm.... There are blogs that I read on MSN Spaces but I don't comment even though I might want to -- because they require Passport authentication for commenting. There are blogs that I read on Blogspot but I don't comment even though I might want to -- because they only allow other Blogger users to comment.

So, it might be possible to convince me, but my initial reaction is that there might indeed be a lot of people willling to regsister to leave comments on Ed Brill's blog, but I don't think there's are going to be a lot of people who are willing to go through an registeration step to leave comments on my blog. And if the registration process can be done without going through an extra step, then it won't stop the spam.

The license model does sound intriguing, though. It seems to me that one would need to be hosting ten blogs -- minimum -- to make it worthwhile for your run-of-the-mill blogger; but that's not too unreasonable. It does make me wonder how this license model would apply for hosting providers?

7. Ben Langhinrichs06/05/2006 10:45:34 PM

I'd far prefer CAPTCHA to authentication. Like you, there are already blogs I don't respond to because of the authentication issue.

8. gigot02/14/2008 07:04:07 PM

@6 I'm also skeptical about forcing authentication. I have some sites offering users the ability to "request information", and don't necessarily want them to have to register first.

I suspect many potential customers would not want to take the time to register, just to ask a question.

Just my $0.02.

It seems to me that I saw an article about implementing captcha in Domino, but now cannot find it - perhaps it was wishful thinking.

9. leilei391504/11/2016 04:27:06 AM

2016-4-11 leilei

10. lllllyuan05/16/2016 12:00:31 AM


11. jlgg02/22/2017 09:10:38 AM
Homepage: burberry
<H1><a href="" title="yeezy boost 350"><strong>yeezy boost 350</strong></a></H1>
[url=]yeezy boost 350[/url]
[url=]Ray Ban wayfarer sunglasses[/url]
<a href=""><strong>ray ban aviator</strong></a>
<a href="">nike free run</a>
<a href="" title="Burberry Outlet"><strong>Burberry Outlet</strong></a>
<H1><a href=""><strong>balenciag bag</strong></a></H1>

12. jlgg02/22/2017 09:12:27 AM
Homepage: major league baseball Mizuno Shop prada outlet michael kors outlet basketball jerseys michael kors outlet Jordan retro coach coach outlet michael kors outlet Coach Outlet Online burberry online burberry outlet nike shox shoes abercrombie outlet us coach usa kate spade bags moncler mens jackets michael kors bags outlet ralph lauren australia moncler jacket Billat moncler outlet ray ban new wayfarer ray ban sunglasses ray ban polarized michael kors italy burberry outlet canada asics Australia pandora australia pandora jewelry pandora uk michael kors bags yeezy boost 350 nike com Nike Hyperdunk Shoes kate spade black friday mcm outlet nike free run michael kors online michael kors tote mlb shop authentic prada handbags outlet cheap ray ban sunglasses ugg uk moncler outlet ups tracking prada factory outlet online ray-ban sunglasses moncler uk Pandora Charm burberry online football jerseys Hermes Outlet Nike Air Jordan coach purse abercrombie outlet china wholesale coach diaper bag pandora rings sale prada outlet online Longchamp Outlet pandora jewelry landing gears prada outlet prices prada outlet online jordan retro shoes prada bags outlet burberry scarf paul smith

13. 20170227caihuali02/26/2017 10:30:11 PM
Homepage: http://

14. leilei391502/28/2017 02:26:26 AM

20170228 leilei3915

15. zzzzz02/28/2017 08:51:22 PM

Enter Comments^

Email addresses provided are not made available on this site.

You can use UUB Code in your posts.

[b]bold[/b]  [i]italic[/i]  [u]underline[/u]  [s]strikethrough[/s]

URL's will be automatically converted to Links

:-x :cry: :laugh: :-( :cool: :huh: :-) :angry: :-D ;-) :-p :grin: :rolleyes: :-\ :emb: :lips: :-o
bold italic underline Strikethrough

Remember me    

Monthly Archive
Responses Elsewhere

About The Schwartz


All opinions expressed here are my own, and do not represent positions of my employer.