Somewhat off-topic: Evolutionary arms race of spam

Just wanted to mention that we get a lot more attempted spam here at Freethought Blogs than I ever remember getting at the old blogspot address.  Luckily, the spam filters are pretty good and I usually don’t have to lift a finger to mess with it.  I do, however, see a few posts a week that slip through the cracks as “uncertain” and drop into the moderation bucket to be checked.

To give you an example of what spam looks like these days, here’s a post from last night by “Nicolette Snith”

Thanks for an unbelievable post, would see your personal others posts. thank you your thinking for this, I felt a trifle strike by this text. Thanks again! You commit a great aspect. Displays the beauty through great facts here. I believe that if a greater number considered it like that, they’d have a very better time frame get the grasp ofing the difficulty.

That’s a pretty common variety.  It’s lavishly complimentary, totally unspecific, and almost written in a reasonable style of  English.  It only looks weird if you take the time to actually read it carefully.

Obviously the goal of spam is to drive traffic to commercial sites, and this seems to be accomplished by adding a URL in the user identity, which you can click from the person’s post.  It used to be the case that most such URL’s were in the form of obviously suspicious locations, i.e., “” or something like that.  (I just made that up, but I checked and it’s a real site.  I do not take responsibility for you surfing there or wasting any money.)  These days, however, the address is more often in the form of an IP address (such as which redirects you to a site that wants to sell you viagra or mortgages or whatever.

The behavior of spammers and spam filter writers very closely resembles the evolution of predators and prey in nature.  Each side has a survival motive to improve.  The spammers are obviously in it for the money.  Design the perfect spam filter, and you cut off their income.  In the worst case scenario, they might even have to give it up and find an alternate career that doesn’t require them to be goddamned parasites.

The anti-spammers are fighting for survival of their content.  I’ve seen quite a few abandoned blogs and forums become completely choked with spam, to the point where it’s impossible to engage in a meaningful conversation.

So each one evolves competitively, and both need to be automated to an extent.  The spammers are busy trying to post millions of junk messages to sites all over the world, while non-spammers are busy trying to clean up hundreds or thousands of messages without employing an army of human moderators to babysit their sites.

What’s interesting is that there does seem to be an upper limit on the effectiveness of spam filters.  If a human reader can’t tell them difference between spam and a legitimate post, how is a computer supposed to do it?  Even now, I have gotten to the point where I look at a brief, harmless compliment with deep suspicion.  If I see a new poster write “Well said” or something of the kind, I have to stare at the email address, the name, and any suspicious links for a non-trivial amount of time before I decide it’s safe to pass through.

Much as I hate this omnipresent intrusion into our lives in a digital age, I find it kind of fascinating to see how the race keeps shifting.


  1. says

    Some of them are downright mysterious. I once got a (presumably) spam-comment that said: “Please delete this message…”, and it didn’t even have any link attached.
    Another one I thought really quaint was: “Hi all,
    i hope to join the discussion soon
    i have some very strong opinions
    looking forward to talking to you all.”
    But if I had to name a favourite, it would probably be this one: “Thanks for the welcome What’s up body! Yea yea, good stuff bro! Chill! I have an information on the the is well! and viagra shop – qaju – 28317 viagra for woman information 5771 – tk viagra for woman information Bye”
    And now I’m curious whether this comment is going to make it through your filter.

  2. James Thompson says

    I use Google’s Postini service. It is extremely effective for email spam and costs less that $25. My email address is old and I get about 1000 spam emails a day.

    Of course I don’t see them in my email reader.

  3. Kazim says

    You suck. 🙂

    In all seriousness though, the WordPress code underlying FTB uses a whitelist system, so once you’ve had at least one comment approved, it doesn’t pester me about you again.

  4. plutosdad says

    They are going to create such sophisticated algorithms that they will pass any Turing test. Combine that with the scraping-sites, and we’ll have entire sites run by computers, with other computers talking to each other in the comments, and not a human in sight.

    xkcd had a comic about a similar idea, where the spam because so sophisticated that it made meaningful comments and actually added to the discussion.

    So get that started on a philosophy and ethics site, and eventually we won’t need humans to advance.

  5. Ryan Jung says

    It did make it through the filter, so apparently the next evolutionary stage of spam commentary will consist of recursive spam. Spam wrapped in less spammy stuff. Like a spam sandwich.

  6. Mike de Fleuriot says

    If you are lucky and are listening carefully, sometimes you can hear two spam-bots circling each other into a filtered death on the internet. The rising whine of incoming mail and deleting of arriving mail gets closer and closer together, until both occur at the exact same time. This continues for a time, when one or the other will send or delete a mail that has not occurred yet in the present. This is when the famous mail blackhole appears and destroys the present existence of the spam bots.

  7. gfunk says

    I know it is a numbers game, but I still have such a hard time wrapping myself around the idea that any significant number of people actually fall for that crap and click the links. And if you do, how do you suddenly say “You know, I guess I will order some Viagra”

    It sort of makes sense when the spam is just straight up and says “buy our illicit junk for super cheap” or “you have won the lottery” and ignorant or desperate people follow the link to their peril, but when it is nonsensical garbage, why would anyone even consider the link?

    Don’t answer that.

    BTW, some of the really weird spam I have gotten has actually been edited by spam filters, so that might be why some people have been baffled. e.g. the titles will be altered to a warning and any potentially dangerous attachments removed, so if you were sent something that was titled “here is the lottery ticket you won” and there was an exe attached, it might show up us “spam” or “delete” and have nothing in it.

  8. Chrisj says

    My favourite spam remains one from a few years back that offered to sell me “anti-aircraft missiles suitable for all terrorist activities”. I have no idea what their website was actually selling, but they did get me to spend several seconds longer staring in blank shock at their email (before sniggering and deleting it) than was usually the case!

  9. says

    A lot of this kind of spam isn’t about getting people to click links from your comments, it’s about getting links to show up on legitimate sites to boost the destination’s search engine rankings.

    Most search engines use algorithms that judge a site’s importance in part by how many outside sites link to them. But the algorithms are fairly smart about recognizing spammed links – for instance, a link originating from the exact same block of text posted to 100 different sites will not be considered as legitimate as the same link originating from 10 distinctive blocks of text. So to get around this, spammers will write a short paragraph in somewhat sensible English, then feed it into software called a “spinner” that generates multiple versions (sometimes hundreds or thousands) of the original by substituting various combinations of synonyms.

    Thus the “nobody-would-click-on-this-from-here” spam and the near-gibberish wording. The good news is that Google, etc. are getting better at recognizing “spun” text.

  10. says

    Meant to add up in that first paragraph by way of summary:

    They don’t expect visitors to FTB to realize a sudden need for viagra – what they want is for someone who is searching for “cheap viagra” to see their site on the first page of Google’s results, and part of the means of getting there is lots of inbound linkage.

  11. gfunk says

    Makes sense, thanks for putting a couple more pieces in the puzzle. I knew there must be some point but still sad someone would click any link from gibberish.

  12. Trebuchet says

    You almost got me with that one!

    I feel like some sort of outsider because I get NO spam at all on my e-mail. I must not use it enough.

    My wife, on the other hand, has relatives who never saw a “free smilies” link they didn’t click on. She does less e-mail than I do but gets orders of magnitude more spam.

  13. Felipe says

    Well, we do have people that think homeopathy is real, don’t we?

    (I had a really hard time trying to think of the most ridiculous belief I could remember to make this lame joke, btw).

  14. Felipe says

    That reminds me of my mother’s Google searches, where she kind of talks to it by writing “I’d like to see pictures of cats” on the search box.

  15. Warp says

    The sad thing about spam (from the perspective of people who hate it, that is) is that it actually works, which is why it’s still an omnipresent phenomenon of the internet. There was this story some years ago (sorry, can’t give references because I don’t remember where it was) that someone (officials? hackers? I don’t remember exactly) got to look at the contents of a spamming website which was selling something (perhaps viagra), and there were literally tens of thousands of purchases logged. That’s quite a good income for sending some emails (which basically costs nothing).

  16. Thomas says

    My understanding is that in some cases, the producer of the product is getting ripped off as well. They pay some fly-by-night agency for 10,000 ad clicks/site visits, and little do they know that those clicks are coming from pop-unders, iframes, emails, forum spam, etc.

  17. says

    I rarely get comments on my blog, and when I do, they’re often spam non sequiturs. Like when I posted an article about medical students not washing their hands enough, ‘someone’ commented:

    “Bunk beds add a lot in functionality and look to the lay of a room. Children in exacting value bunk bed because they feel adventurous and unique.”

  18. gfunk says

    I like how a “somewhat off-topic” post has yielded the most absurdly (albeit somewhat entertaining) off-topic comment thread.

  19. Pat says

    I get it on Twitter from Eastern European women these days…”Hey check out the bad stuff people are saying about you here: (tinyurl.etc)….”

  20. Richard Cornford says

    These days I am wondering how much of ‘prescription medicine’ spam, for example, is about selling (dubious) products and how much is actually about identity theft. As I understand it an identity theft process can be started with as little as a name and address (and/or telephone number), with the scammer(s) using that to leverage their way into getting more personal details. That ‘business’ seems more cost effective that any form of ‘retailing’ as you don’t have to invest in stock, warehousing or distribution, and are a lot less likely to be caught in possession of something incriminating. And the individuals naive enough take the spam seriously are the ideal self-selected candidates for, say, the follow-up phone call that asks them to confirm their bank details. Where people are losing their houses and saving to identity theft one good victim is going to worth more than the profits from 10,000 bottles of fake prescription medicine.

  21. says

    Wouldn’t removing the ability to link to a website when you’re posting resolve that issue immediately? Simply remove the “website” field from the comment form and human clicks as well as search engine page ranks are a non-issue. People could still put links in the comments, but I use Askimet on my WordPress blog and it seems pretty airtight so far.

  22. says

    Me – I see an address and I’ve just got to try it. For the delectation of all… is located in Beijing, China… The ISP is China.Unicom.Beijing.

    You never know where a random string of digits will take you these days….

  23. Kevin says

    I have an e-mail account that has been hijacked on occasion by spammers. I don’t know how they manage it, but they use my e-mail address to send out the usual nonsense. Actually, they don’t use my address, but mimic my address somehow.

    I only get wind of it when I get the returns from bad addresses.

    There’s no virus in my computer. I’m not sending them. They’re being sent from a remote location in my name.

    I called the e-mail service provider, and they said there was nothing I could do about it on my end, nor anything they could do about it on their end.

    I find the “delete” key is particularly appropriate.

  24. says

    And after this article Crommunist celebrates Black History Month | The Crommunist Manifesto. I was moved enough to write a thought I do have a few questions for you if you do not mind. Could it be simply me or do some of these comments look like they are left by brain dead people?

    The irony… ye non-existent gods the IRONY!!!

  25. says

    > completely choked with spam, to the point where it’s impossible
    > to engage in a meaningful conversation

    Remember how this problem was solved by newsreader killfiles?;
    Yes, each person had to maintain his or her own killfile, or trust someone else’s list.
    But you could killfile a thread –so avoiding all the people who responded to the trolling.

    It made it possible to hold a decent conversation ignoring 99 percent of the other people posting, which in some of the science groups was pretty much the ratio by the end there.

    The end? You know, when AOL … but I’m dating myself.

    There is a killfile for Firefox. You know how to find it.