Normally I take down spam commenters. But a recent comment spammer posting with the name “lively” (claiming the unlilkely email address of firstname.lastname@example.org) struck me as interesting enough to to leave as an example to readers. You can see the comment here.
I searched my logs and found that this spammers discovered my blog through a highly targeted search query:
I don’t know if the spammer manually posted comments to the pages in the results or used a fully automated tool. I also wonder at the spammer’s breadth–I could imagine a fairly simple tool that takes a few parameters (name, email, the targeted search query, and the comment payload) and then crawls and spreads the spam.
This approach is technically trivial and potentially quite devastating–especially if spammers step it up a notch and start varying the comments a bit to avoid detection through duplication. I suppose we’ll see a lot more CAPTCHAs around if this approach catches on.