Wednesday, May 15, 2013

Dear Spammer: I do have a donate button

The fact that spam making software doesn't actually tailor the spam to the page it's posted on or the site in general is obvious, but you'd think that someone somewhere in the spam scheme of things would insert a line of code that made it so the, "It's a pity you don't have a donate button! I'd certainly donate to this excellent blog!" (actual quote) spam didn't show up on a blog with a donate button.

Top of the page, right hand column.  With an image called, "btn_donate_LG.gif."  A simple check of the text of the page would reveal that it does, in fact, say donate.  It says it inside the name of an image, but if you're searching the page source that doesn't matter: run a search for donate and you get a hit.

It shouldn't be hard to make it so that the "I'd totally donate if you just had a button," (paraphrase) spam didn't show up on blogs with a donate button.  Just have a bit of code that makes it search the page's source for the word "donate" and if it gets a hit use some other flavor of spam on that particular page.  It's all still automated, it still requires no human oversight, but it makes it marginally more likely that someone won't be able to tell in one second or less that the message is definitely spam.


  1. I think the idea is that you'll let it through to reply "Actually I do, it's right over there!". That way, the spam gets through AND you feel self-conscious about your website layout (can people not find the button?) so the next wave of "I can optimize your blog layout" might get clicked.

  2. It's probably not so applicable here, but with classic scams like the 419 I understand that the bad English and incompetent use of email is deliberate - both because the victim should feel superior to the scammer, and because they'd actively prefer that people who are going to spot the scam at all should do so straight away, rather than taking up the crooks' time before realising what's going on.