*stretches*

[conuly]

I feel better. I think all I really needed was some sleep and food. I'd forgotten I'd barely eaten anything the day before because of my period. I get back pains and constipation, and if I eat, it's worse. Since I didn't have any aspirin in the house, I went hungry mostly.

So now I've got no pains, no hunger, no tiredness. Just me, some PMS, and an idiot emailing me about something stupid I had not quite posted to their blog.

Tell me. Is it *normal* that when a blog requires email confirmation of a comment, the comment gets sent to whoever it is without the confirmation? Doesn't that eliminate the purpose of the confirmation? Doesn't that really annoy you when you decide not to confirm a comment because, in retrospect, it's really not a smart thing to say, and you've got better things to do than to annoy people you haven't even met?

Because I shouldn't have to be exchanging emails with some little self-righteous twit (HI!) over a comment I had decided would just start a silly fight I and she didn't need to be having.

Well, at least that burned up all my residual anger.

So, what's new?

Comments

[moggymania.livejournal.com]

I believe that the email confirmation isn't for the benefit of the user, but rather as a method of guarding against blog comment spam… It's a little weird that it notifies the owner anyway, given that can still result in endless emails notifying of spammy comments, but maybe there's a reason for it (like for reporting spammers)?

[conuly]

Oh, I know it's not for the benefit of the commentor, but I figured that since I was safe in the "confirm comment" option, I could use it to my benefit - and hers, too, since I'd otherwise have posted a comment calling her an idiot and a liar.

What good does reporting spam do, in this world where spammers can spoof emails and get free ones 1000 times a day, if they please?

[moggymania.livejournal.com]

Part of it, on the report-to-ISP level, is because even if you can spoof email addresses or get new ones, spamming software still runs off somebody's computer. So, for example, several years ago my computer was compromised and used by a hacker for spamming -- people hit SpamCop with reports, which were then echoed to my ISP, and my connection was shut down until I could demonstrate that the problem had been fixed. So whether the computer is being used by the owner to spam, or the computer has been infected and remotely controlled, the ISP gets the chance to know it's up to no good and kill the connection.

The other aspect of that on the ISP level is that by capturing the IP of the source, the offending computer can be blacklisted from sending mail to other systems as soon as word spreads (which is pretty quickly).

The non-ISP aspect of spam reporting -- both comment spam and email spam -- is that the messages are analyzed and then used to build shared filters that will reject similar spam in the future. Both individuals and ISPs running blog or email software can then grab the filter list for use in their blocking software in order to keep spam out. That's pretty much why spam has so many completely absurd spellings, and why they change all the time -- if they just write "buy vicodin online" then the message will be blocked because the phrase is recognized as one used in spamming, but "b u y .. v1c0d1n 0nl1ne" is only going to be recognized if somebody else has gotten and reported it first. (Once it's reported and added to filters, that variant is also unable to get anywhere.) Each message gets a score based on how many of the spammy phrases, websites, and IP addresses are recognized, and if it's over a certain score then the software deletes it.

The two ways to make sure people's messages can get through past filters is challenge-response (what you experienced) and whitelisting (saying "mail from this address always gets through"). All of this is basically how Gmail, Yahoo, etc. identify stuff to stick into a "Spam" or "Junk Mail" folder.

[conuly]

Ahhhh. Thanks.

(I still think that unconfirmed comments ought to be ignored. Sheesh, if I'd wanted to talk to this person, I'd've confirmed the comment in the first place)

[rpeate.livejournal.com]

Tom DeLay resigned his leadership post.

[conuly]

That's good. Not as good as what I want, ultimately, but it's more than a step in the right direction.

[moggymania.livejournal.com]

I believe that the email confirmation isn't for the benefit of the user, but rather as a method of guarding against blog comment spam… It's a little weird that it notifies the owner anyway, given that can still result in endless emails notifying of spammy comments, but maybe there's a reason for it (like for reporting spammers)?

[conuly]

Oh, I know it's not for the benefit of the commentor, but I figured that since I was safe in the "confirm comment" option, I could use it to my benefit - and hers, too, since I'd otherwise have posted a comment calling her an idiot and a liar.

What good does reporting spam do, in this world where spammers can spoof emails and get free ones 1000 times a day, if they please?

[moggymania.livejournal.com]

Part of it, on the report-to-ISP level, is because even if you can spoof email addresses or get new ones, spamming software still runs off somebody's computer. So, for example, several years ago my computer was compromised and used by a hacker for spamming -- people hit SpamCop with reports, which were then echoed to my ISP, and my connection was shut down until I could demonstrate that the problem had been fixed. So whether the computer is being used by the owner to spam, or the computer has been infected and remotely controlled, the ISP gets the chance to know it's up to no good and kill the connection.

The other aspect of that on the ISP level is that by capturing the IP of the source, the offending computer can be blacklisted from sending mail to other systems as soon as word spreads (which is pretty quickly).

The non-ISP aspect of spam reporting -- both comment spam and email spam -- is that the messages are analyzed and then used to build shared filters that will reject similar spam in the future. Both individuals and ISPs running blog or email software can then grab the filter list for use in their blocking software in order to keep spam out. That's pretty much why spam has so many completely absurd spellings, and why they change all the time -- if they just write "buy vicodin online" then the message will be blocked because the phrase is recognized as one used in spamming, but "b u y .. v1c0d1n 0nl1ne" is only going to be recognized if somebody else has gotten and reported it first. (Once it's reported and added to filters, that variant is also unable to get anywhere.) Each message gets a score based on how many of the spammy phrases, websites, and IP addresses are recognized, and if it's over a certain score then the software deletes it.

The two ways to make sure people's messages can get through past filters is challenge-response (what you experienced) and whitelisting (saying "mail from this address always gets through"). All of this is basically how Gmail, Yahoo, etc. identify stuff to stick into a "Spam" or "Junk Mail" folder.

[conuly]

Ahhhh. Thanks.

(I still think that unconfirmed comments ought to be ignored. Sheesh, if I'd wanted to talk to this person, I'd've confirmed the comment in the first place)

[rpeate.livejournal.com]

Tom DeLay resigned his leadership post.

[conuly]

That's good. Not as good as what I want, ultimately, but it's more than a step in the right direction.