Here is my current list of DNSBL’s that I use for blocking [much] spam, proxies, hijacked PC’s and “problem” IP’s.  Note that even using all of these DNSBL’s at the same time still will not prevent all spam, but when used in combination with Akismet, your site can be 99.9% spam free.

The real use for these DNSBL lists is to block open proxies and other IP’s that can cause trouble:

• rbl.efnetrbl.org
• spam.spamrats.com
• combined.abuse.ch
• xbl.spamhaus.org
• web.dnsbl.sorbs.net
• dnsbl.ahbl.org
• problems.dnsbl.sorbs.net
• opm.tornevall.org
• cbl.abuseat.org
• dnsbl-2.uceprotect.net
• dnsbl.mags.net

In addition to Real Time Block Lists and static lists of blocked server farms I also use Akismet for blocking spam so I don’t really have a big spam problem.

But once in a while I get a nice, wordy comment posted here at the blog that slips past all the protection. When this happens it’s up to me to figure out if the comment is real or just some shitty, low-life, worthless spammer. For doing this I have one rule/process. It’s pretty easy, and so far has been nearly 100% effective and correct. This is how it works:

When you get a questionable comment – ask yourself this question:

Would this comment make as much sense on any page other than this one?

If the answer is “yes, this comment would make as much sense on a post about using SEO to increase traffic as it would on a post about why Google Plus is better than Facebook“, then it’s SPAM.

If the answer is “No, this comment only makes sense being posted to this particular post“, then, it’s not spam.

Here is an example of a comment that some clever spamshitter recently left on a blog post of mine regarding, what else, blocking spammers:

This is the fitting blog for anyone who needs to seek out out about this topic. You understand so much its almost arduous to argue with you (not that I really would want?HaHa). You undoubtedly put a brand new spin on a subject thats been written about for years. Great stuff, just great!

He almost got me by going for the ego and flattering me with the “great stuff” line, but the fact that this comment could be posted anywhere, on anything, regarding any subject, means it = SPAM. Sorry Mr. Einstein from Bulgaria, but it’s the spam-can for you! Go get a fucking job!

The most amazing thing about this is that it seems to indicate that people actually still use Digg. : How To Get On Digg’s Front Page

Most of my posts about fighting spammers, email harvesters and content scrapers focus on blocking them from your website. Blocking spammers and scrapers is all fine and well, but it’s a little selfish isnt it? I mean, if you (or your systems/modules/mods/firewall) identifies a spammer or content-scraper’s IP address why keep it to yourself? Especially if you are using shared or open systems like Akismet or BadBehavior which makes use of ProjectHoneypot.org‘s http:BL you might even feel guilty for not “giving back” to the anti-spam community! Ok, well maybe you never thought about it, but after you read how easy it is to give back you should feel guilty if you don’t!

How To Help The Fight Against Spammers, Harvesters and Scrapers:

You can easily help identify and catch spammers and harvesters by contributing resources to Projecthoneypot.org. Projecthoneypot is (i think) the largest free, open collection of honeypots on the internet. Projecthoneypot makes all the data it collects freely available via their http:BL (via BadBehavior, MOD_HTTPBL, http:BL for WordPress, and more).

There are 2 very easy ways you can contribute to the fight, and 1 slightly-less easy way:

First, you need to go over to ProjectHoneypot.org and create a free account. You will need to create an account either if you want to use their spam-blocking services above, or if you want to contribute resources. After you create your free account you will be issued an http:BL API key which is needed for any of the http:BL spam-blocking systems and you will then also be able to contribute spammer-blocking data in one of three ways:

1) “Borrow” someone’s shared honey-pot via a Projecthoneypot QuickLink: This is super easy! After you create your Projecthoneypot account, just click ‘Manage Quicklinks‘. After answering a question or two about your site, you will be given your own Honeypot link that you can paste on your site. You put this link on your website so that only bots/scrapers/spammers can ‘see’ it (it’s simple – and there are full instructions). Your visitors will never see the links, but spammers and scrapers will (there is a hidden honey-pot link in this post.. do you see it?) – they will follow the link to the shared-honeypot, where their IP information will be caught and published on the public block-lists. This is literally as simple as copying and pasting a link onto your site!

2) Install your own honeypot to catch spammers! I avoided installing my own honeypot for a long time because frankly I just assumed it was too complicated. But after finally taking the time (2 or 3 minutes) to read the instructions, I was surprised at how simple it was. To create and install your own honeypot, log-in to ProjectHoneypot.org and click ‘install a honeypot‘. Answer a few questions like what the URL is for your website, if you want to share it with others, and what language you want the honeypot in (probably PHP), and a custom honeypot script will be generated for you to download – full, step-by-step instructions are provided, but, basically you upload ONE SINGLE .PHP file to your website, open that file through your browser, click a link, and that’s it! You then put invisible links to your new honeypot on your website. The whole process, start to finish should not take more than 2 minutes.. 3 if you read slow!

3) Donate an MX record: Donating an MX record will allow project honeypot to generate unique (fake) email address to catch spammers. These fake email addresses are posted in honeypots for spammers to find and the more unique domains available, the better. Donating an MX record does not use your email system or any of your resources because all of the (fake spam) email goes directly to Projecthoneypot.org and unspam.com’s email servers. To donate an MX record you need to be able to edit your DNS Zones/DNS MX records – it’s not as simple as using a honeypot, but full instructions are given, and it’s not difficult. If you are comfortable with editing DNS entries it’s a snap, if you aren’t comfortable monkeying with your DNS settings, you may want to stick with method’s #1 and #2 above. I was uncomfortable donating and configuring an MX record at first, but after doing the first one, i’ve since donated several more.

Now that you know how easy it is to help in the fight against spammers/email harvesters/scrapers you have no excuse not to help – NOW you will feel guilty if you didn’t feel guilty before.

Note about links: You may notice that the links to Projecthoneypot.org above are ‘referral’ links. Projecthoneypot referrals are not paid referrals. Instead Projecthoneypot keeps track of how many referrals each member has for “karma points”.. We don’t really get anything else out of it other than feeling better about ourselves for helping spread the word about how easy it is to fight spam