Teaching Akismet Part 1: I am Good

11 Apr MaxPower Features, Spam, Wordpress 15 comments

Introduction: Part 1 of a 2 part series focused on how Akismet can / could be taught good or evil. Part 1 below explains the situation I found myself in, and the steps that I took to remove myself from Akismet’s list of comment spammers. Part 2 introduces some theoretical concepts for the creation of spamming networks.

Akismet is a Black Box, what's inside?For the past couple of days, Akismet (a popular comment spam fighting service provided by Automattic et al) had me pegged as a comment spammer. I didn’t know that Akismet was doing this, I only figured it out after several random blogs refused to post comments I had made.

When I became aware that Akismet thought I was a comment spammer, I sent an email of to Akismet via the official channel and I posted a help request on the WordPress support forums. I haven’t heard back from the Email I sent, and over at the forums the only suggestion on how to resolve the issue was to contact Matt (the creator of Akismet and Wordpress). This isn’t a fault of the WordPress forums, rather, there is no official channel to go through to clear your name. For the record, let me be clear:

I do not make comment spam and I don’t know how I became labelled as a spammer. This is because Akismet is a black box, or a device with known inputs and outputs, but unknown internal mechanisms.

If you go to Akismet jail (without a trial) how do you get out? I began to research to learn all I could about Akismet. What we know about how Akismet works comes from the official FAQ:

When a new comment, trackback, or pingback comes to your blog it is submitted to the Akismet web service which runs hundreds of tests on the comment and returns a thumbs up or thumbs down. …

When the plugin catches something as spam it saves it in the database for 15 days in case you want to check it out manually and then automatically deletes it. In the unlikely event something gets incorrectly identified as spam you can correct it and it submits the “false positive” back to Akismet for analysis and improvement of our system. If a spam comment happens to get through and you mark it as spam within WordPress, it does the same thing. Akismet becomes more effective the more you use it.

In addition, over at Simple Thoughts, Angsuman Chakraborty wrote an interesting post entitled, “What Matt Mullenweg (WordPress Author) Knows About You (WordPress & Akismet Plugin User).” There, he figured out what kind of info Akismet sends back to interpret comments as spam / not spam. All this was very interesting, but it got my no further to my goal of getting out of Akismet jail.


My identity had been taken by a black box for unknown reasons, and there was no way to get it back. Granted, on the net it is very easy to change your identity, but I had been writing as myself for quite awhile. Why would I want to give up what little, if any, reputation I have? Especially to the black box?

I re read everything I had found and keyed in on this sentence in the official FAQ: “Akismet becomes more effective the more you use it.” Of course! Akismet ‘learns’ what is spam and what isn’t spam based on the thousands of blogs that use it (as of December 05, some 55 000 blogs were using the free service). Obvious revelation: Akismet is a social spam marking tool. What if I did a little experiment, grade school style…

Problem

Akismet thinks maxpower spams.

Hypothesis

If somewhere, somehow, Akismet learned that I, maxpower, was a comment spammer, then it can also be taught that I am not a comment spammer.

Materials

PC with internet connection, access to admin area of akismet enabled blog

Methods

  1. Make comment on blog as maxpower
  2. Observe akismet interpret comment as spam / not spam
  3. If Akismet determined that Maxpower’s comment was spam, enter admin area of WordPress blog and mark comment ‘Not Spam’. Repeat 1 and 2 as necessary until comments do not get flagged as spam.
  4. When, and if, comments are no longer labeled as spam, make comments on other Akismet enabled blogs to determine if truly out of ‘Akismet jail’

Observations and Results

It took only three comments on my own blog before Akismet decided that I was not a comment spammer. This was validated by my ability to once again make comments on other blogs protected by Akismet.

Conclusion

Akismet really does learn from what it’s users tell it. Somewhere, someone must not have liked one of my comments or more likely, Akismet must have interpreted an insightful and relevant comment as spam (perhaps I had too many links, as decided by the black box). If you find yourself in a similar situation, simply repeat the methodology outlined above. This will make the black box like you again. Of course all this predicates itself on the fact that nothing changed internally within the black box during the time I first noticed my comments being blacklisted through them showing up again. Future research will pickup on this idea.

Future Research

Based on my research and conclusions above, I have already started to look into how Akismet may be taught to be evil (Teaching Akismet Part 2: You are Bad). In other words, how people could game Akismet to further their own personal goals.

Tags: , , ,
« Free Icons: Snowish
Simple SEO: Choosing Keywords and Tags »

This post has 15 comments.

  1. Angsuman Chakraborty
    11 Apr 06
    2:18 pm

    Your trackback comment was marked as spam on my blog. I approved it.

  2. deepthought
    11 Apr 06
    2:33 pm

    Hmmm interesting, thanks for leaving a comment. I didn’t teach Akismet anything about trackbacks yet.

  3. Teaching Akismet Part 2: You are bad. at MaxPower
    25 Apr 06
    11:06 am

    [...] This article continues down the same path as Teaching Akismet Part 1: I am good with a look at how Akismet could be used for nefarious purposes. In the first post we learned that user input determines what Akismet thinks is spam. In this article, that idea is expanded in order to teach akismet to be bad. Below are listed three potential applications of the idea that Akismet can be taught things. [...]

  4. Justin
    02 May 06
    3:14 pm

    With my luck this will end up marked as spam. [editors note, it did]

    On my own blog (which I and others post on) Akismet keeps blocking my comments to other people’s posts. I’ll set them as ‘Not Spam’ a few times, and it’ll start letting them through again. Skip ahead a few days, I’m blocked again.

    From when it appears to start blocking me, I can only assume Akismet doesn’t like people posting multiple links in comments. Which I like to do ;)

    I’m glad I’m not the only one with this problem! Thanks for writing this.

  5. Enseñando a Akismet at molgar.net
    16 May 06
    1:27 am

    [...] le ha pasado a Kirk Montgomery, que aquí nos lo cuenta, y relata cómo ha podido zafarse de la etiqueta de spammer. akismet,spam [...]

  6. harc a spam kommentek ellen - kobak pont org
    23 Jun 06
    11:22 am

    [...] akismet - sokan használjuk. Előnye, hogy könnyű telepíteni. Regisztrálni kell a wordpress.com oldalon, majd az ott kapott egyedi kulcsot megadni. Kész. Működik. A baj vele az, hogy nem sok befolyásunk lehet arra, hogy mit jelöl spamnek, s mit nem. Sokan egy fekete dobozhoz hasonlítják. Többeknek meggyűlt már emiatt a baja, s váltottak más spam filterre (pl.: Kelt, Maxpower) [...]

  7. GoTeamsGo Fan Forum
    17 Jul 06
    9:46 pm

    Akismet False Positive…

    After installing a real cool trackback/pingback option into our vbulletin forum software, I set up a Wordpress blog to test it. When it didn’t work like I expected, I dug into my WordPress dashboard &……

  8. Eric
    19 Sep 06
    9:34 pm

    Very interesting article! I had considered enabling askimet on one of my blogs, but had been hesitant due to the black box issue you discuss. Your experiment would tend to indicate that a “true” comment spammer could just run the same proces you did on their own blogs and get back in the good graces of the box. If it is that easy to defeat and has a tendency to incorrectly ban legitimate posters then I don’t see it would be something I would want to use.

  9. Justin
    20 Sep 06
    5:16 pm

    I’m still using Askimet as I was in the comment above (from May), and I honestly haven’t had that many false positives (other than the ones cause by multiple links in a single comment). I do find the system useful, and vastly prefer it to manually deleting comment spam. :)

  10. deepthought
    20 Sep 06
    6:05 pm

    I think the best is a combo of Akismet and Bad Behaviour. BB stops bots from repeatedly hammering away at your site. Akismet stops everything that gets through. Pretty formidable one-two punch. Do you use BB as well?

  11. Justin
    20 Sep 06
    7:43 pm

    Yup, I use Bad Behaviour as well! I’ve had good luck with that as well (and only blacklisted myself once when playing with improperly user-agent’d RSS software! I have a knack for getting identified as a spammer, I guess.) The logging feature is particularly interesting.

    I use Spam Poison as well, though I’m not sure how effective it really is.

    And if anyone is looking for a spam-resistant shoutbox, I have to suggest this one:
    http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/

    I installed it 3 or 4 days ago, and it’s already blocked 307 spam messages to my shoutbox (which seems to be oddly unprotected by Bad Behavior, I think. That’s for another day’s tinkering…).

  12. Tom in Cala Dor Palma de Mallorca
    01 Oct 06
    8:20 am

    The best way to stop spam would be to spend some time in moderating the comments persoanlly rather than relying on any captchas. You can go to the other extreme of not allowing anyone to comment - but then the whole essence of sharing information is lost. At least Yahoo and MSN rewards the commentators with relevant backlinks, so that is a reward which many spammers like to go for.

  13. xsplat
    21 Mar 07
    1:51 am

    I’ve been trying for the last 2 hours to train Akismet, with no success. I even started a 2nd blog, using a proxy, and posted from my banned blog to that, dozens of times.

    I’ve contacted Akismet twice. Sucks. Cant get unblocked.

  14. ponykenobi
    11 Apr 08
    1:31 am

    Humph, you’ve changed my mind! Your arguments are convincing indeed. Despite I’m not a person who is easy to be convinced.

  15. Pete S.
    01 May 08
    4:16 pm

    I’ve had really good luck with Yet Another WordPress Anti Spam Plugin — http://wordpress.org/extend/plugins/yawasp/

    It changes the fields in the comment script form “author”, “url”, “email”, etc. to random values. These values change every 24 hours.

    It also has a field that must remain empty (but that spambots will fill out).

    The result is that the spammers are unable to properly submit their spam.

    The empty field is hidden from human users, so there’s no way to accidentally break it.

    To a human viewer, everything looks exactly the same as usual. The normal “Name”, “Email”, “Website” labels are next to the text fields. The only difference is the name of the fields on the backend.

    So far, it’s been 100% effective for me. Woot.

    (I have no relationship with the plugin author. I’m merely a satisfied user.)