A Short Post On Spam Protection

Posted on Sun 29 July 2007 in Dispatches • 2 min read

Well, it’s official. I’ve had my first few spammers attempt to leave comments on the new site. Unfortunately for them, their efforts are to no avail.

This is because I use a modified version of the Django comment application that I hacked together myself. By default, all comments that are posted on this site are analyzed by Akismet, which I’m finding remarkably effective at spotting spam. If a comment is found to be spam, it is recorded in the database, where I can recover it later if I have reason to do so. Unlike with other comments, this is done without emailing me and I can blissfully ignore the whole process unless someone complains that their comment was marked with a false positive. In fact, I don’t even have to see them as I can filter out all those comments when browsing the administration section of the site. Maintenance is also not an issue as the application regularly deletes any comments labeled as spam that are more than 30 days old. It works pretty smoothly so far.

I had been waiting for the first spam attack on the post-relaunch version of the site, and I’ve been quite pleased with how well the system I have in place is working. I’m even more pleased with what a joy using a framework like Django is for development, but that’s a subject that deserves its own post.

In addition, the spammers have even provided me with valuable debugging information. A few of their spambots’ attempts to post comments threw errors that I hadn’t anticipated when I was writing the code for this site. The errors were actually quite simple mistakes that frankly I’m a little embarrassed that I didn’t plan for. Luckily, Django emails me a backtrace of any 500 error that occurs, and with that information, I was able to fix those problems in about five minutes. So, I guess sometimes spam is good for something. Thanks, spammers! ;-)

If you are looking for better spam protection on your site, I cannot recommend Akismet enough. It is remarkably effective and has an open API, which allows you to integrate their service with virtually any application. Information on how to get a free API key can be found here.

If you are looking to include Akismet in your Django site, then I’d strongly recommend you check out James Bennett’s comment-utils, which is far more elegant and robust than my implementation. Unfortunately for me, it was released after I had already put together my solution, and for my needs I don’t really have a reason to switch as of yet. However, if you are just starting to get ready to deal with comment moderation in Django, you really can’t go wrong by using comment-utils.