My blog has been inundated with spam lately, some comments, but mostly trackbacks. Ray’s code filters lots of them out, but many do get through. I’ve written a quick and dirty admin tool to let me clean them out quickly, but it’s still a pain.
So over the past few weeks I have been keeping tabs on the domains referred to in the trackback spam. There are lots that show up over and over, and whois lookups on these domains shows that the vast majority are all registered to less than a handful of registrants.
I know communicating with spammers is a waste of time, but what the heck, I fired off messages to several telling them to cut it out, and never received a response from any of them of course.
Until last week. Lots of the trackback spam has been posted for domains registered to a “Scott Hoggett” from an Australian domain. Now to put this in perspective, this seems to be the same creep who got in trouble for registering the domain name singaporeairlines.com.au (assumedly as a way to extort money from that national airline). His name also shows up on several known spammer lists.
I had sent several messages to Scott, including this one on Friday February 24th:

STOP SPAMMING MY BLOG!

Surprisingly, I received the following response from Scott just a few hours later:

Hi Ben,
I apologize for that. You would have noticed that you have received
no comments at all from me, as I filter out your URLs. I forgot to
filter this time, and I apologize sincerely.
I go out of my way to try to ensure that you receive no comments from
me, and if it happens again in the future, a simple and civil reminder
from you will suffice. I can guarantee you that it won’t be on purpose.
Once again, I have deleted your URLs from the current lists.
Kind Regards
SCOTT

I responded with the following:

Scott,
Gee, that is nice of you.
A) Simple and civil reminders were many messages ago, I have asked you
numerous times to stop. At some point simple and civil have to give way to
short abrupt ALL CAPS.
B) You are using trackbacks to spam me, that is not casual comments, that is
deliberately being deceitful, so don’t make it sound like it was a simple mistake.
C) Deleted my URLs from your current lists? Who gave you permission to add
them in the first place?
Although, I will add that I am impressed that you have the guts to at least
respond. Nice to see that even bottom-feeding parasites can do the right
thing sporadically.
— Ben

Well, apparently that upset the creep. Here’s the response I received on Saturday:

Hello Ben,
I think you have missed your calling –
Drama writing would have been more your forte!
Let’s get a couple of things straight here – As I have advised you, the only person who has indulged in anything illegal or wrong is you, by spamming me by email – now that is naughty Ben!
You seem to be under the misapprehension that I need permission – on a public domain – now that is new and novel ! Perhaps if you were Mayor of my local council, I would need permission to walk my dog.
What you loosely class as “spam” [which until recently was used exclusively for email], are still simple comments on a public forum, whether you like it or not. After this recent email from you, I no longer care, and will no longer be removing your URLs from my target lists.
You are a sarcastic, self-righteous asshole, who for some reason believes I care what you think. Yes, I have target URL lists, and NO, I don’t need yours any one else’s permission to place ANY URL on it!
Your tone in all of your emails surprises me that you even know the meaning of “civil”. The fact that a simple mistake was made, even though this should have been blatantly evident, even to a moron like you, seems to be lost on you.
As I have stated to you a number of times, you are the only one guilty of spam so far, which is fast becoming harassment. I will no longer be removing your URL from lists and offer you one more right of reply to this email.
ANY FURTHER EMAIL COMMUNICATION FROM YOU AFTER THAT WILL BE DEEMED AS SPAM AND HARASSMENT, AND PROMPTLY REPORTED TO LEGAL AUTHORITIES.
Regards
SCOTT

Nice, now he is threatening me. Too funny. Definitely time to give him a taste of his own medicine. So, I just sent him the following:

Ok creep,
No more “unsolicited” messages from me. I’ve made some changes to my blog. Now it sends confirmation e-mails when trackbacks are posted to the domain registrant on record.
Now that I know that the e-mail address you are using is a legitimate address, and that you actually read messages, you’ll be pleased to know that when you do post spam trackbacks you’ll be greeted by lots of automatically generated confirmation messages. Hundreds and thousands of them.
And as I have informed you of this, those messages are not unsolicited at all. Your own actions trigger them.
So long, pleasure doing business with you!
— Ben

The code I have set up is rather simple. He’ll get 1 confirmation the first time. 2 the next, 4 the next, and then 8, and then 16 … you see the pattern.
And yes, I know this is a waste of time, but what the heck, it kinda feels good.
I wonder when I’ll hear from him next.

25 thoughts

  1. Geez! And he has the nerves to threaten you! But I’m not surprised. I get hundreds of trackback spam on my blog a week. Thanks to Spam Karma (a WordPress plugin), 99.99% of comment and trackback spam is caught. Spam is a disease and spam generators, like this Scott guy, are the viruses. We can treat the symptoms but I do not believe that we can kill the disease, yet.

  2. Your automated confirmation messages will be extremely easy to filter and block (by either not responding, bouncing or dropping) on the creep’s mailserver. If anything, it appears that your mailserver will be burdened with generating, caching and sending messages. If you are sending from an actual live email address (which you should be doing), your outbound message will simply bounce back to you as undeliverable.
    This is an extreme waste of time and resources.
    I recommend that you generate a blacklist of referring servers/IP/blogs and simply choose to ingnore them as a trackback. In cases where trackback links and comments are only used for automated abuse, you can accept the incoming traffic/message without rewarding it by not honoring it with a post or trackback.

  3. What self respecting Aussie uses the spelling asshole when they know that it really should be arsehole, who does this guy think he is! It’s down right un-Australian…

  4. Just to throw this out there, the latest version of BlogCFC e-mails me whenever I get a trackback.
    There is a link in the e-mail which allows me to delete trackbacks, and the link works w/o me having to sign in.
    It’s an easy way to manage trackback spam; I haven’t needed an interface beyond that. ( One click from my e-mail and they’re gone)

  5. I’m still laughing – this was a great post Ben. This is exactly something I would of done and actually deal with myself too on a forums site I run with my mother for longarm quilters. I simply blacklist their IP addresses that I gather and occasionally take their ip address and reroute them to a site that I know has like 1000 popup windows- gives me some sort of accomplishment πŸ™‚

  6. Guys,
    We’re a bunch of cf developers here in Melbourne. Maybe a little whois query could provide us with that guy’s address. Then it’s just a matter of getting a train-ticket and a baseball bat ;-D
    <cfif isDefined("asshole.address")>
    <cfmodule template="/tools/breakFingers.cfm"
    Target = "#asshole.ID#"
    HowMany = "#RandRange(1,10)#">
    </cfif>
    p.s. I’m french not aussie, so i can use asshole

  7. I was going to suggest using captcha, but that may upset regular humans, when I came across what may be the easiest solution. How about if you just check for http referrer and make sure it was submitted from your blog? I know it can be easier spoofed by the spammer’s engine, but chances are it is not doing it. That will get rid of most of the automated submissions.

  8. I think that many bloggers are oversensitive to the idea of spam. I have posted comments from time to time, and bloggers responded with things such as: thank you for spamming my blog. It’s bullshit. I stopped commenting anymore – now I rarely leave a comment.

  9. good job !!
    Spam the god damnn spammer !! lol
    i just hope ‘Ben Forta’ doesnt like doing this soo much dat he turns into a spammer himself !
    plz dont ! πŸ™‚

  10. Ben,
    Don’t do this. You are only going to cause yourself more problems than it’s worth. If your ISP sees that a flood of email is coming for you account, they could shut you off. Futhermore the recieving ISP could put you on a blacklist. Once that happens, you will have a heck of a time, trying to get yourself off it.

  11. People who generate spam generally enjoy getting emails from people – who they then email back and bait like this person did you. There were at least two people in this conversation between you and him that thoght the exchange very funny.
    Such acts – engaging in this banter, only act to encurage the person farther. The person gets off on this. They enjoy that they got you rattled enough to email and call him names. You’ve created value to his time because his automated process has disrupted another’s life, and eaten away that persons time. That’s a win in their books. It’s a form of positive reinforcement. If they send out their million track-back spam, and nobody replies, that is very unsatisfactory. But if they get a hit, they capture someone’s attention – their efforts and existance are justified.
    Just keep shutting down the efforts, quietly, and continually. It works pretty good.
    But I’m just speaking from combating spam on a 10-year old forums site. It works pretty well.

Leave a Reply