Hello, I was waiting for you: please take a chair

So your comment was denied on a blog, and the perennial Spam Karma error message showed up, informing you it couldn’t be posted (provided the blog admin was a responsible admin and was keeping up with versions, you should have gotten the “updated” message, which isn’t so nasty any more: if you received some rather offensive piece basically accusing you of spamming, please accept all apologies and keep going).

Quite obviously, since you are reading this, you are not a spammer. You know it, I know it. You feel unjustly singled out, quite possibly frustrated, perhaps a bit angry and, if your mom didn’t hug you enough as a kid, you might even be inclined to overly aggressive and rude behaviour toward anything that ressembles a culprit for this problem. Please read on…

First, let me tell you who the real culprit is: it is not Spam Karma, nor Spam Karma’s developer (me), the blog admin, Santa Claus, Tim Berners-Lee or anybody else you are ever likely to talk to.

Please keep all your mental death rays for spammers. They are the only ones who deserve it.

Spammers, out of a mix of stupidity and greed, have so far managed to destroy entire parts of the Internet. While it is doubtful they’d ever kill blogging altogether, just go have a look at what happened to Usenet and what is currently going on with email. You should realize this is not an empty threat.

Spam Karma was born out of my personal frustration as a user facing the avalanche of spam and the endless succession of well-meaning, yet wholly insufficient, spam-fighting tools. As for many people, it came down to two options only: either find a proper way to automate spam fighting or close comments altogether. I think, seen from this angle, we can all agree that any solution, however imperfect, is better than nothing.

Yet, for anybody with more than a passing interest in the mechanisms behind SK, it should be fairly obvious that preventing unfair blocking of innocent users (”false positives” in technical terms) was one of my utmost priority. Of course, this probably won’t sound very convincing to those who got sent here by that dreaded “comment eaten” message…. Please allow me to make my case in more details below. If you are not interested by all this mumbo-jumbo, feel free to skip to the last section, where I give you a few tips on how to work around your current issue.

One essential point to keep in mind, is that all this is only fully pertinent for Spam Karma 1, which is most likely the version that sent you here. Spam Karma 2 works differently (read: even better). and quite likely wouldn’t have blocked you. More on that later.

Spam Karma, False Positives and accessibility

When I put together the rather complex collection of filters that makes SK, I purposefully ruled out many popular “anti-spam methods” precisely because of their unreasonable cost in terms of false positives. For example: methods requiring browsers to have Javascript support, or the user to view certain graphics (bad for blind net users) or to answer a riddle or something in a specific language (bad for users with a poor command of whatever language the instructions are given in). All these, as a standalone solution are widely used by anti-spam plugins, but generates more false positives than I consider acceptable.

There again, my philosophy is that “difficult” is better than nothing, and as such, I retained some of these filters that pose accessibility problems (such as Captchas), but only as “last resort” solution, i.e. if SK’s choice is between discarding a comment and presenting a Captcha, it will do the latter. Additionally, I tried to offer redundant options (such as auto-moderation by email as an alternate solution for commenters who can’t use Captcha)…

So, trust me, I went to extra lengths trying to make sure collateral damages would be kept to a strict minimum.

Then why did your comment get blocked?

Well, there are (were, to be exact, since once again SK2 addressed most of these issues) a few ways for a comment to be incorrectly identified as spam. Many actually. But here are the most common ones:

• User settings: SK gives the user full control on how tough it should approach potential spam. The documentation explicitly recommend to start lenient and crank it up if necessary. Unfortunately, some users do not read the manual (did I say “some”? sorry, meant not a single one of them bother reading it), others are so frustrated with their spam problem that they decide to go overboard, not fully realizing there are implications, or perhaps realizing, but considering it an acceptable trade-off.
• Misconfiguration: slightly different from the point above, in that, very often, the user fails to correctly install SK (it’s one of the easiest program to install, ever, but it’s quite easy to screw up things if one doesn’t even glance once at the doc), or, very often too, a particular server setup will turn up incompatible with SK. This kind of misconfiguration, in the hands of an uninformed blog admin, can result in a fully unusable comment form.
• Blacklist: most of the blacklist entries are automated, and it’s unlikely you’d end up there by mistake. However the user may have added certain words or IP that affect you. Another potential blacklist where your information (IP or URL) may have ended up, are Real Time Blacklist (RBL) servers. These servers (such as Spamcop or Spamhaus) are known to be quite aggressive in their blacklisting, and your IP could have ended up there for merely figuring on the same ISP network as a bad guy. SK is in no way affiliated with any of these RBL servers. It mostly offers offers the option to conjugate effort by consulting them as an extra check. If the blog admin decides to use them and your comment ends up moderated, the incriminated RBL maintainer is the one to go contact.
• Proxies: The number one cause for “real” false positives… Proxy servers do not agree with SK, SK doesn’t like proxies. This is deliberate: Most, if not all spammers use proxy servers to hide themselves when spreading their junk. Further more, it is also a very common trait of spammers to use “pools” of IPs to hit blogs, and thus optimize their operation. The problem breaks down to this: forcing SK to be nice to proxies (those that do IP masquerading, anyway) means relax the whole attitude toward IPs: not enforcing any form of consistency (e.g.: the same IP expected to fetch the comment form and submit it) and leaving the door open to a whole array of very basic dirty tricks that let spammer hide their tracks with much ease.
  This trade-off was simply not acceptable. Although this is an option that can be disabled by blog admins (there again, the doc makes it clear that there are risks associated with keeping it on), I typically consider it too important a factor to leave it out of my own blog filtering configuration.

As you can see, all but the last one of the items above, are things I, as the developer of Spam Karma, have absolutely no control over.

Regarding proxy use limitations, the problem was duly addressed in SK2 by softening the penalty associated with it. Typically, comments are no longer discarded on the sole basis of a non-matching IP (i.e. behind a proxy) but simply rerouted to “stronger” verification process, such as Captcha or email auto-moderation. Not ideal, but not a showstopper by any means.

What can you do?

Many many things…

1. Please keep your calm and, before all, remain courteous: sending me inflammatory emails is definitely not gonna impress me into helping your ass or doing anything about it. You’d have to do quite a lot anyway to beat the weekly dozen of borderline death threats I receive from people who have obviously as much grasp of modern technologies as I, of traditional Inuit craftsmanship. And if you think such a number has to prove I’m doing something wrong, please put it in perspective with the hundreds of enthusiastic props and thank-you letters I have gotten (especially considering people are more prompt to write when they are angry than when everything’s fine), and the many thousands people who are currently using SK…

   I honestly feel bad for all those who contact me with polite assistance requests but I have no qualms clicking on the ‘delete’ button instantly whenever I spot a suspiciously high number of ALL CAPS or strong !?! punctuation inside a mail.

2. Contact the blog admin! He is the one in position to help you, not me. Every single comment eaten by SK, is kept in a digest that is usually sent regularly to the admin. Chances are he’ll spot your comment and restore it himself. You may want to contact him to discuss that with him. And while doing so, ask him what are the exact reasons listed by SK for your blacklisting (this might help you solve your issue).
3. When contacting the blog admin, you probably should recommend he upgrades his install to Spam Karma 2, which not only brings gazillions new useful features, but also addresses many of the shortcoming of SK 1.x. The only requirement for running version 2 of Spam Karma, is an up-to-date install of WordPress. SK2 has now been running on hundreds of blogs (including this one) for many months now, and gotten outstanding results in terms of false positives (hardly any at all, in fact).
4. A silly but useful trick, when you just lost a long comment after submitting a form, is to immediately press the “back” arrow on your browser. On most system, this will bring you back to the comment form, such as it was when you submitted it. Do not attempt to post the comment again, it will likely only result in a stronger ban being set against you, unless the reason of your original ban has been figured meanwhile. However, feel free to make a copy and email it to the author or keep it for an attempt later, once the problem has been fixed.
5. There exists one nearly infallible way to get your comments posted on a blog: register an account on this blog (it is usually open to anybody and doesn’t require anything else than basic log/pass type info). Such “accounts” exist on every Wordpress install and are there to help admins build community around their blogs (they can promote simple “visitor account” to actual editor levels etc).

   Basically, SK considers registered members with a much keener eye than anybody else, and is likely to let you go through, even if, for example, you are accessing behind a proxy.

6. Of course, and this goes particularly to the people who’ve sent me nasty messages so far: while I spend ridiculous amounts of time coding and supporting SK, I am not making any serious money out of it (but I have received many generous donations from satisfied users, that have all deeply touched me, if not helped paying for my many costly vices and addictions)… If you consider it a priority for blogs to be both easy to comment on and free of spam, it’s entirely up to you to help finance the effort. Then feel free to come back and berate me all you want on the shoddy work I have done with SK.

Yea, but what do you do about it?

Me?

You mean when I’m not spending my days doing free support for Spam Karma, foiling assassination attempts against my person, or checking on whatever new tricks the spamming monkeys are coming up with?

Well, I somehow managed to find it in me and in my schedule to do a massive rewriting of Spam Karma, it’s unoriginally called Spam Karma 2 or SK2, and it does all that SK1 did. Just better. I’ll refer you to SK2’s page for more info, but roughly, it practically never yields false positives any more… So it’s up to you to spread the word among bloggers, so that none of those pesky obsolete SK1 remains behind and prevents your future commenting attempts…

I think this is roughly all there is to say about Spam Karma for now. Please feel free to consult the rest of the site: there’s lots of stuff (whether on SK or the uneventful life of a drunken foreigner living in Japan).

And if you have any question that is not covered in the above rant, feel contact me using the form on this site.