Comment spam, SMTP relays, and chanuka/Hanukkah

A couple of days ago I was going over some blogs I read, and came on this post by David Weinberger which actually touched on a subject I apparently know much better than him, the Hebrew language. Specifically, a mention he made about the word “chanuka” in Hebrew.

He got it pretty wrong by deciding it means lighten-up, and his first commenter got it mildly wrong by saying it means dedication. The term is more like the “warming” part of “housewarming”, the first acknowledged usage of something new (or at least the time when the usage is declared/acknowledged). It applies to new houses, and public buildings and parks, but also to things like cars, television systems, or even wines. Or, on a different meaning, it is chocked, when related to a female (Hebrew verbs take different forms for each of the two male/female genders).

Of course, the holiday Hanukkah is based on the same word, so it’s also possible the entire thing is moot, since I don’t know if “chanuka” in Swahili has a similar sound or not. Just being similarly written is quite meaningless, considering that I know the Hebrew word, at least, doesn’t really sound like an English speaker will tend to pronounce it.

So I decided to be a good little Hebrew speaker, and leave a comment on his blog post.

And couldn’t. I was caught by an overzealous anti-comment-spam device, which is even not suitable to serve against comment spam.

A little aside to the few readers who don’t know what comment spam is. You all know what email spam is, right? Incoming messages you never requested, trying to convince you to do stuff, or buy stuff, that you don’t need. Well, blog posts often have the possibility to leave comments on them. So it was only a matter of time until spammers jumped on the bandwagon, and made automatic bots (computer programs that can do many of repetitive tasks, like sending an email, or filling a form on a web page, quickly) that will leave comments which are not relevant to the post, but contain links to their sites. Often these involve porn, and card games, but the variety is as large as on the email spam.

Meaning that many measures are now tried and used in order to keep comments in blogs free of these comment spam messages. Some more elaborate, some simple. The method I use here is a very simple one, requiring anyone writing a comment to fill in an extra field. This works because those bots are automated to work against the basic and common ways comments work, and do not (yet) try too hard to go around variations.

There are many other methods, but Weinberger decided, IMNSHO, to be too smart for his own good. He tied the comment posting to a system that checks the comment poster’s IP address (The unique Internet address of the computer) against a central database, with a list of bad address used as open SMTP relays.

Another aside, about open SMTP relays. SMTP is basically the communication protocol used to send email messages. So mail servers send messages using SMTP. Spammers (the email spammers this time, not comment spammers) don’t want to use their own mail server, because then it would be easy to block their messages, and so they look for email servers which are open relays. Being an open relay mean that this mail server will accept a message from anyone, without any verification and authentication, and send it onward. This is a bad problem in the age of spammers, and email server operators are encouraged to configure their email servers not to do that.

One of the things that happened is that there are several central repositories, like the Distributed Sender Blackhole List, which contain IP addresses of mail servers which are suspected of being badly behaved in that regard. This allow other mail servers to check every incoming mail message they receive against that list, and refuse to receive messages from the suspected servers, since those message may very well be spam.

This of course has very little to do with comment spam, since those mail servers are usually not the same computers used by comment spammers to run their bots. So telling me that my own computer’s IP address is on the list, and that therefore I cannot leave a comment, is irrelevant here. Had I been trying to directly send an email messages, that would have been a different matter, but I didn’t.

There is of course another problem there, that my personal computer’s address was on the list. This is because we get from our ISP a dynamic address, meaning that it changes from time to time, and goes to other users while we get a different one from the pool. It’s possible to get a static address, but this costs more, and isn’t necessary unless you are running a server that people on the outside need to be always able to find. Or simply put, the address was blocked because someone else on the past (They had one incident, logged at February 2004) sent an email message he shouldn’t have…

Overall, like I said, a very real problem, but a very wrong solution. I sent him an email message about this, but due to his big problem of comment spam (his blog is high profile, so a very popular target) he feels that using this is justified. He was nice about it, and offered to go and take my address of the list himself. But I can talk to dsbl myself if I want to. And I don’t want to. Both because this is a dynamic address, and because it’s a non-issue. Apart from his blog this only prevents me from running my own mail server. I have no intention of running my own mail server in the foreseeable future, though. So I declined the offer, explained my position again, and that was that.

Leave a Reply

You must be logged in to post a comment.