Managing Comment Spam

spam.jpgComment spam seems inevitable. Every blog, podcast, or site that I’ve run that allowed comments turned into a place for comment spam. Over the years I’ve tried numerous methods to kill the spam and most of them either didn’t work very well or stole too much of my time to deal with something annoying. After dealing with this problem for several years I now have a setup that manages most comment spam with little work on my part.

Mollom or reCapthca

All users you can comment who have not gone though some kind of account registration with email verification have a filtering mechanism. My go to solution is Mollom. It's a service that checks content and returns if the comment is spam (the bad stuff), ham (the good stuff), or if it's not sure. If it's spam it doesn't allow it, if it's ham the comment is posted, and if it's unsure a captcha is displayed. This keeps user annoyances at a minimum but still has some level of protection.

For cases where I want a captcha on every comment I often use reCaptcha instead. The captcha display is a little more slick and usable.

This kills most comment spam on newer posts where any conversation is actually happening. For Drupal the Mollom and reCaptcha modules provide integration with these services.

Closing Comments On Old Posts

Older posts are known to get comment spam. They've been linked to and might have good ranking results in Google. If you aren't following them anymore its a place spammers may be able to slip comments on posts where they may not be noticed by the site maintainers.

To deal with this I simply close comments on posts older than a month. Very rarely do useful comments come into older posts and the conversation that happens when something is posted is already gone.

The comment closer module in Drupal provides this.

Nofollow Attribute

If a spam comment or two gets through my setup and I don't catch it I don't want to help the spammers out. To deal with that all links in a comment have the nofollow attribute attached. This stops search engines from following the link.

In Drupal this can be done in the input filter configuration.

This setup keeps my work managing spam at a minimum and still allows for conversations to happen. What tricks work to keep spam down on your site?