Check out this one, recieved yesterday:
Author : (IP: 220.127.116.11 , 188.126.cm.sunflower.com) E-mail : [email protected] URL : Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=18.104.22.168 Comment: i search for blog like this long time.you website is very good!i will come next time! <a href="" title="" rel="nofollow"></a>
The most interesting thing about this is that it’s not obviously spam. I mean sure, the english isn’t so good, but it may be a second language to someone, and I’m not going to pass judgement based on that. After thinking about it for a little while, I concluded that it actually was spam based on the following clues:
- It was accompanied by another comment on the same blog post, which contained the text “Thank you, I just wanted to give a greeting and tell you I like your blog very much.” but was otherwise identical to the above (including IP).
- It was a comment on a fairly old blog post (always a bit of a giveaway)
- The empty link with the “nofollow” attribute. What the hell is that all about, and why would a legitimate comment include it?
The point is that this spammer managed to waste several minutes of my time (which I am now attempting to reclaim by blogging about it).
I assume that this spam is targetting anti-spam measures, because there is no “payload”: no obvious mention of any online gambling sites, debt consolidation, or the usual bullshit. Targetting anti-spam is the only other explanation I can think of, although I have no idea specifically what type of anti-spam measures they think they are targetting.
Maybe if they send enough decoy comments like this I will be convinced that my anti-spam defenses are not working, so I turn them off?
Maybe they are assuming I use an IP-address based blacklist/whitelist, and this is the first comment which gets them onto the whitelist?
Maybe they want to obscure a few payload-carrying comments by buring them in a bunch of decoys?
Maybe they just want to waste my time? (Mission accomplished)