[funsec] Comment Spam: new trends, failing counter-measures and why it's a big deal

Dude VanWinkle dudevanwinkle at gmail.com
Tue Feb 14 05:46:29 CST 2006


Also, one of the most successful selling points (and IMO one of the
most successful detection methods) for modern spam products is a
large user base running an application that takes both user input (e.g.,
marking something that made it to their inbox as spam) and automated
cross communication (e.g., 50,000 users received a message from
192.168.0.1 or 50,000 users received a message that has a hash value
of blah).

If there was an app that was run by many blog sites that would collect
this data (hash of messages posted, IP postings across multiple sites,
as well as looking to see what made it through the system and was
later removed by hand/declared comment spam) it would definitely add
to the success of mitigating this nuisance.

I know these aren't new ideas, but it's early, and if something works
for one type of spam, it should probably work for others.

As for a semi-new idea (to me at least), since botnets are probably a
main source of spam (both smtp and http-put), how about blacklisting
botnet IPs? IPs which are gathered from those other 3 projects that
Gadi mentioned on a different thread. It would be safer for all if the
IPs were munged so that a nefarious individual running the app
couldn't simply get their update and commandeer a botnet army, but
that's a whole 'nother issue in and of itself.

-JP
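
The shared-reporting idea in the message above, sketched as an added example (not part of the original post and not any real product's code): a hypothetical aggregator that counts comment hashes and poster IPs across sites, honours hand-removed spam, and keeps only munged IPs. The class and function names, the threshold, the key and the sample reports are all assumptions.

```python
import hashlib
import hmac
import re
from collections import defaultdict

SITE_THRESHOLD = 3  # assumed value: distinct sites needed before flagging

def comment_hash(text):
    """Hash a comment with case and whitespace collapsed, so trivial edits still match."""
    norm = re.sub(r"\s+", " ", text.strip().lower())
    return hashlib.sha256(norm.encode()).hexdigest()

def munge_ip(ip, key):
    # Keyed digest of an IP; the feed never stores or publishes the raw address.
    # IPv4 is small enough to enumerate, so a key holder can still reverse it.
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()

class SharedSpamFeed:  # hypothetical aggregator fed by many blog sites
    def __init__(self, key):
        self.key = key
        self.hash_sites = defaultdict(set)  # comment hash -> sites that saw it
        self.ip_sites = defaultdict(set)    # munged IP -> sites it posted to
        self.confirmed = set()              # hashes removed by hand as spam

    def report(self, site, ip, text, removed_as_spam=False):
        h = comment_hash(text)
        self.hash_sites[h].add(site)
        self.ip_sites[munge_ip(ip, self.key)].add(site)
        if removed_as_spam:
            self.confirmed.add(h)

    def published_ips(self):
        # Munged IPs seen posting on at least SITE_THRESHOLD sites.
        return {m for m, s in self.ip_sites.items() if len(s) >= SITE_THRESHOLD}

    def is_suspect(self, ip, text):
        h = comment_hash(text)
        return (h in self.confirmed
                or len(self.hash_sites.get(h, ())) >= SITE_THRESHOLD
                or munge_ip(ip, self.key) in self.published_ips())

def demo_feed():
    # Constructed sample reports (documentation-range IPs, made-up site names).
    feed = SharedSpamFeed(b"constructed-demo-key")
    for n, site in enumerate(["blog-a", "blog-b", "blog-c"]):
        feed.report(site, f"203.0.113.{n}", "Buy   CHEAP pills now")
        feed.report(site, "198.51.100.7", f"unique text {n}")
    feed.report("blog-a", "192.0.2.5", "casino bonus", removed_as_spam=True)
    return feed
```

A site would call `is_suspect()` before accepting a comment and `report()` afterwards; the munging only raises the cost of turning the feed into a list of bot addresses.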
