A few bad apples shouldn’t be able to ruin it for everyone. However, on the internet, that is usually what happens…

You set up a blog or mail form and everything goes great for a while. Then come the spammers. They want your attention and will do what ever it takes to get through.

Some of it is obviously computer automated:

Dear Sir / Madam.
You want to save your money and get licensed medications? I bet you do!

Others seem hand written:

Hey Gabriel,
Great blog. I really like your photos. Viagra Viagra Viagra.

I am sure that every webmaster/blogger eventually goes through the same stages of grief:

1. Denial – “Oh look, someone accidentally left a funny comment”
2. Anger – “Who are these idiots pushing porn!?! Don’t they know how annoying this is?”
3. Bargaining – “Ok – I can spend a few seconds/minutes/hours deleting the spam each day …”
4. Depression – “There’s is just too much. The tactics keep changing. Why even bother?”andfinally…
5. Acceptance – “Let’s figure out how to deal with this.”

Now for your options

For those of you who have reached the final stage, it is important to know that you have options:

Option 1: Shut down the entrance

First you need to ask yourself if it’s worth the trouble.

You need to consider flight vs. fight. How much do you really need that web form, or those comments? Don’t spend all day defending a form if nobody uses it. Shutting down the entry points is the only sure fire way to stop the spam.

Or, consider this tactic: Remove as many entry points as possible. It is easier to defend the front gate if you lock all the side doors. Evaluate the necessity of each venerable entry point.

Option 2: Evolve your forms

Think cobra vs. mongoose.

Rather then shutting down all of the entry points, it is possible to leave them open and still make it harder for the spammers to enter. Adding a CAPTCHA, or math equation can root out the automated spam, but may also tick off your loyal users. They also offers numerous problems for usability.

You could also maintain a blacklist (or whitelist) which denies access to those you deem undesirable. However, these lists are tedious to maintain yourself and cause trouble when you accidentally blacklist a real user.

There are also other things that you can do, but inevitably the spam will find it’s way through any open door. No single plan is fool-proof. The spammers are well invested and are constantly changing tactics. You will need to be equally invested to keep up.

Option 3: Outsource

When in doubt, call in the professionals.

For email spam, this is already quite normal. People have been utilizing Spam Assassin and other services for years. Others use Gmail exclusively because for it’s spam fighting ability. For blogs and forms, there are a slew of companies that will maintain a blacklist for you.

One of the most exciting new services is called Akismet. Started by Mat Mullenweg (the developer of WordPress), Akismet is a “collaborative effort to make comment and trackback spam a non-issue”. However, it can also be adapted for mail forms and other use. It is free, easy to install and is always adapting to keep up. Each piece of collected spam is analyzed to help improve their filters.

So, what’s my recommendation?

Well as might have guessed – I would suggest a little of each. Whatever you choose, try to make it as transparent as possible to the user. Blocking a few spammers is not worth it if you also lose of your most loyal users.

On this site for instance, I have:

• Limited the entry points. In addition to the comments there is only one form (the feedback form).
• Taken small steps to catch the automated spam. This includes a hidden random variable in the forms and automatic moderation of all comments that contain any links.
• Hooked up Akismet. Hey it’s free! Since 2008-01-02 it has caught

Hopefully, the readers will never know that these measures have been put in place. Unless, of course, they choose to read this post…