I received a ping from Anil on their newly released beta product TypePad AntiSpam while I was on vacation. I told Anil that I would look into it and write a balanced article on it when I got back. I procrastinated on writing the post for quite a while but that also gave me the chance to think about the product quite a bit, have some conversations with Anil and others about the product and ruminate on the merits, usefulness and finally the viability of the service. It came as no surprise to me that Six Apart would come up with such a product and the choices made for the product are even lesser of a surprise. I had some initial thoughts on branding and the nature of the product that I communicated to Anil privately but the rest of the review of the technology and the service is my opinion verbatim.
From the main page for TypePad AntiSpam, here are the salient features:
- Free for everyone, regardless of how many comments you receive
- Adapts to changing spam tactics
- Retains quality comments
- Already built in to the TypePad blogging service
- Plugins for Movable Type 3 & 4
- Plugins for WordPress 2.5
- Open Source
- 100% Akismet API compatible
The product is being tested by quite a few bloggers and has already received positive feedback for effectiveness from big names such as Michael Arrington of TechCrunch. But I hope that the initial successes are not short lived.
The plugin(s) and the core engine that runs the service are both Open Source (GPL v2) and though Six Apart is not sharing all of the rules and logic that run their implementation of the TypePad AntiSpam engine, they are willing to share the core engine code in order to facilitate others in developing similar services with their own sets of rules and logic. Worthy of note is the fact that the TypePad API is completely compatible with the Akismet API (which is incredibly simple to use, BTW) and any plugins that make use of the Akismet API, will be able to transparently use TypePad AntiSpam as well.
What is “Hot” about TypePad AntiSpam?
- It is Open Source: The API and the core engine being OSS provides a lot more flexibility and gives developers a lot of insight into the product. Innovations are the likely result.
- It is free: Free is always good, but can have its shortcomings.
- Simple API: Kudos for building interoperability into the service. We have a common enemy.
- Written in Perl: I am not a Perl snob but have written enough OO Perl to know the benefits. Akismet fought with language barriers and scalability for quite a while.
- Extensible: Developers can write plugins for the service that will provide added functionality, rules and logic that could make the service better and more versatile.
What is “or Not” about TypePad AntiSpam?
- The Engine is Open Source: This poses a serious set of problems for the Spam Mitigation service providers. Akismet can keep spammers guessing because a select few people know how it really works. The rules and logic are not the only secrets but the whole ball of wax is closed to prying eyes.
It might become easier for spammers to figure out ways around the TypePad AntiSpam service and they could start tainting information to suit their purposes. OSS in this case can be a double edged sword. - We might see in spammers posing as anti spam services just like we have anti virus and anti spyware services mushrooming over the web.
- While a well funded corporation can keep up with the scalability needs of floods of Ham Vs Spam, smaller services will find it hard to manage and still be effective. Free anti spam services can easily die under the load and reduce trust amongst users.
- Too many sites offering the same service will water down the effectiveness of the intelligent rules that depend on real spam data to target spam. Akismet, GMail and other services that rely on their users’ feedback to fine tune their Spam targets, depend on the large amount of positive and negative re-enforcement to increase their effectiveness. Though this is speculation on my part, my understanding of intelligent, knowledge based systems is the reason behind this guess.
- Though the engine is Open Source, there seems to be no plans to incorporate advances developed by end users directly into the codebase. This might change with adoption and maturity of the product but at first glance, it seems to be lacking foresight.
- Since their API is compatible with Akismet (which is a good thing), this might encourage plugin developers to try and overlap spam services in order to increase the effectiveness of their anti spam plugins. However, doubling up on spam checking will not only increase comment posting latency, it could potentially make their plugins less potent in recognizing spam.
TypePad AntiSpam is a step in the right direction. Six Apart is providing tools to fight a common enemy and is offering up the tools with the right attitude. Some of their choices are suspect in my eyes as more competition for Akismet and Automattic than in support of their real belief in community service and benevolence. Nonetheless, it is a step in the right direction and they should be applauded for their efforts. I sure hope that the weaknesses that they have built into their product does not reduce its effectiveness in the long run and they can help the blogging community reduce the scourge of Spam.
I think you hit it right on the nose in regards to the biggest concern: Open Source…
*doh*!
I think its great to see how we are working together to tackle a growing problem. Its a brave move by Matt but that just goes to show that what he says he also does. Great job wordpress, this will make everything better for the bloggers to come 😉 regardless of what platform they choose
‘security through obscurity’ isn’t an argument, and it applies to spam protection as well. an effective solution wouldn’t rely on spammers not knowing how it works – like bayesian based filtering
keeping things centralized isnt a good argument either. a spammer will send the same comments and trackbacks to thousands of blogs, you only need to cover one of those blogs to get a sample. some solutions dont depend on getting feedback from thousands of blog admins, as asking a blogger for feedback on what is spam/ham implies that there is spam getting through ..
Frankly, seeing the Six Apart enlisting in the anti-spam legion with a contribution positioned as a serious, new and thorough solution counts as another “Hot” for me, by itself. So, I respectfully disagree with placing that aspect on the “or Not” heap, as Six Apart is anything but one of the bunch and if one of the Big Players weighs in, that counts as a good thing in my book. As to what I’d term as “the open source disqualifier” I believe that’s strongly mitigated by this:
Whether it’s to weed out bugs, malware or spam – open source initiatives are IMHO far preferable over closed solutions. Kudos to Six Apart for their at least promising initiative, even though I’m at this stage a bit reluctant to add it to my low-traffic blog, as Akismet is remarkably effective as it is and (I fear, without testing) a double layer may well impact user-friendliness. I might actually switch over, just to see it at work.
Well written, Mark. And quite objective. I do tend to agree with the previous two commentors, though, and will probably at least give TypePad AntiSpam a try. As far as having multiple layers of security is concerned (and the argument of its negative effect on visitors,) that was the de facto standard on WP blogs for quite some time before the advent of Akismet.
Yet, on the opposite side of that coin, from their wording, it appears to perform in much the same way as Akismet. So I don’t see how it’s different. The benefit of multiple layers of security is having a totally different approach at the second level. Correct me if I’m wrong, but I don’t think this is the answer we’re looking for. Besides that, I never get false negatives from Akismet. It just works. Then again, I haven’t tried the plugin. 😉
Um… I just installed the TypePad AntiSpam plugin and activated it, in lieu of Akismet, and it seems to work, but… I think it’s worthwhile to check out the text in the comment header of the script, especially the bits identifying the author:
Heh. So who says they’re competitors? Matt been shopping much lately? Not going to speculate, but I will say this: “Movable Press” just doesn’t make a good name.
The plugin is based very much on the Akismet open source plugin for WordPress, so providing Matt with very clear credit is the right thing to do.
I have found it doesn’t handle floods of automated spam as well as Spam Karma
I think that the initiative is great, but i will wait until i read some more about how it fares with Akismet.
Nice to see yet another alternative, but I’ll be sticking with Defensio. I can’t argue with it’s performance on my blog (stats since March 23rd, 2008):
* 142223 spam
* 393 legitimate comments
* 58 false negatives (undetected spam)
* 35 false positives (legitimate comments identified as spam)
Hmm. Viper007Bond’s comment made me think about something. After reading the Defensio site he linked to, I realized that each and every comment made goes to the Defensio servers (or Akismet, or TypePad Anti-Spam). It seems like we need to discolse this in our privacy policies. Otherwise, get an in-house solution. Granted, these server farm defense mechanisms work astoundingly well at thwarting spam, but what about personally identifiable information? Who’s to say these companies aren’t taking the comments and crunching numbers from them to determine browsing habits and the like? Call me paranoid, but I’ve just started re-thinking even using Akismet. Maybe I’ll go back to the good ‘ol days of Spam Karma/Bad Behaviour, and perhaps mix it up with a Preview button or something.
Jonathan, so… how do you think that SK/BB work? At the very least, they need to have a look at the IP address of the commenter, which together with the date and time on which it’s posted is (or: could be) personally identifiable information. It’s just the way things work – and have to work even, as exchanges of tokens is part and parcel of today’s traffic infrastructure.
Now, if you want to run your own blacklist/scrubbing server…