Recovered from the Wayback Machine.
After a couple of test trackbacks yesterday, I knew that today most likely we would start seeing trackback spam, and so it has proved.
I would suggest that people turn off trackback capability if they’re concerned about receiving spam, until safeguards are put on this other rather huge, gaping hole into our sites.
Matt also noted the trackback problems today, and mentioned about the only viable approach to the problem being a content-specific solution. Which means blacklists based on words.
We’ve already seen that these aren’t particularly effective. They’ve blocked legitimate comments based on fractions of words triggering the filter; they don’t stop crapflooding; they add processing burden on to already over burdened systems; and they’re too easily manipulated to filter on legitimate domains.
Now, we’re looking at doing the same with trackback.
What’s the best approach? Well, with trackbacks, you have a lot more ability to add intelligent safeguards because no one trackbacks anonymously. One can check back at the site to make sure the trackbacked URL is legitimate, or send an email to the track backer confirming the trackback. If this doesn’t defeat the trackback spammer who actually build sites with the permalinks included, then just plain moderate trackbacks.
Unlike comments, trackbacks are removed from the flow of conversation, so if one doesn’t show up immediately, no harm.
In addition, even the most popular post doesn’t receive more than 20-30 trackbacks, at most. It’s no burden to manage the posting of trackback manually. And of course, trackbacks, as with comments, should have throttles in place to prevent being crapflooded.
Why do we have to make things more complicated then they have to be? The more moving parts, the more we’re at the mercy of the spammers.
Trackback moderation — simple, easy, works.