Spam + Amazon = Spamazon?
Posted by Shane Keats on January 7, 2006 03:01 PM
As we all know, it’s only a matter of time before every great new Internet invention starts getting hijacked by spammers, scammers and other disreputable characters. First it was Usenet and e-mail, now it is blogs and search engine results.
It happens that one of our developers was looking at Video iPods on Amazon this morning and came across these two cases of “comment spam".
Having nothing better to do on a sunny Saturday afternoon, I thought I’d sit in my dark office in front of my computer and do a little research.
As I write, you’ll find these comments on Amazon's page for the video iPod:
Notice that each of these comments contains a reference to a Web site. If you go to those Web sites you are redirected to freepay.com (SiteAdvisor analysis) in the first case and consumerrewardzone.com (SiteAdvisor analysis) in the second. (I was pleased to see that we rated these sites Yellow and Red respectively).
Now someone might say: “Isn’t it ok for a company to post a comment and include a reference to their site?"
First, we should note that this is hardly authentic commentary. As with almost all of this spam, they stole the text from elsewhere. (Fun game to play when you find coherent spam comments like that: take about 10 words and enter them into Google surrounded by quotes).
Secondly, you aren’t going get a free iPod. Well, I should qualify that. You might get a free iPod, just like you might win a million dollars if you buy a Powerball lotto ticket. But the odds are almost as long. We’ll write a lot more about these “sweepstakes" sites later, but for now suffice it to say that the business models of these companies relies on the fact that they make it really, really hard to actually get the product. Most of them have what they call “breakage" rates (meaning the percent of people who sign up, get bombarded with marketing messages, but fail to get the prize) near 95-99%.
One interesting thing to look at when you follow the links above is the parameters in the destination URL. Here you’ll almost invariably see an “affiliate id" number of the person actually doing the spamming. In the case of the first comment spam the URL is http://premiumipods.freepay.com/?r=26078854. Click on that link and the bell will ring and affiliate number 26078854 will smile (apparently, some affiliates are smiling a lot). Unfortunately, we have no way to find out the true identity of mysterious number 26078854, but freepay.com certainly knows and could do something about it, if they were so inclined.
Blog spam
Amazon spam seems pretty rare and we’re not really suggesting it’s a serious problem. Presumably, Amazon has the resources to clean this stuff off when they want to.
A closely related but more serious problem is blog comment spam. All the blog comment spam I’ve ever seen contains a link to a Web site. That is apparently because the primary purpose of blog comment spam is not to get users to click but instead to get “credit" for inbound links to increase their site's search engine rankings.
I admit I haven't really studied blog comment spam very intensely, but I'll conjecture that a database like the one we are building could be helpful in fighting it. For example, had Amazon checked those links in the comment spams against our database then they could have seen that they led to sites we marked as suspicious.
There are all sorts of technical problems to overcome and I don’t mean to suggest that this would be a silver bullet. I suspect that as with e-mail spam, fighting blog spam will require a variety of different methods including some that have already been introduced (“nofollow" tags, authentication). Using our database would fall into the “blocklist" category of solutions (although perhaps a better implementation would be the opposite -- a whitelist approach... long discussion).
Fighting blog spam unfortunately isn’t on our main product roadmap right now. We are solely focused on building a database to protect Web users from suspicious Web sites. That said, if there are any readers who'd like to work on it, we’d be happy to supply the data (at no charge -- we’ve put our database under a Creative Commons license (for non-commercial use) for cases just like this).
Just drop us a note. Or leave a comment on this blog. You can even comment spam us - we turned off all comment security. We enjoy observing the little critters.
[tags: Comment Spam Security]
Comments
Wow! You guys are digging pretty deep. Thanks for looking out for us :)
Posted by: robbrobb | January 8, 2006 06:23 PM
Well, they've been called Spamazon for over a decade now for their ahem, unsubscribable information. Won't surprise me. =)
Posted by: WWWWolf | January 15, 2006 11:42 AM
Hi,
How about making your database available as a DNS zone file? Then we could incorporate your data into our email server blocklist checks. I believe there are similar checks available for comments on blogs. You have a cool web site, keep up the great work. Mike
Posted by: Michael Clark | January 17, 2006 11:53 AM
I'm confused about just what a comment spammer is? If someone addresses the topic at hand, they should be able to link your article to their site. Especially if the site's relate (blog site to a blog site etc.).
Posted by: mark | February 27, 2006 02:49 AM