What’s wrong with Akismet?

False positves, false positives, false positives.

Darren Rowse and Abe Olandres complained about it in 2008. Fast forward 2011, the problem still very much exist.

I had fish legit comments from the sea of spams caught by Akismet countless of times, even when SheepTech is relatively new.

What’s worse? You cannot whitelist that particular person after you’ve “Not spam” his comment. The next time he post a comment, it will again be marked as spam. Damn.

The blog lost a legit comment. The commentator wasted his time and effort. Lose-lose.

What is GASP?

This plugin will add a client side generated checkbox to your comment form asking users to confirm that they are not a spammer. It is a lot less trouble to click a box than it is to enter a captcha and because the box is genereated via client side javascript that bots cannot see, it should stop 99% of all automated spam bots.

Simply put, GASP is a checkbox that fights comment spam on WordPress blogs. It works the same way as CAPTCHA, except instead of typing in random characters, you will only have to tick a checkbox.

And yes, I have replaced Akismet with GASP on SheepTech.

I was as skeptical as you when I first learn about GASP, how can a checkbox possibly be more effective than Akismet, the most popular anti-spam plugin for WordPress?

The number speaks for themselves.

Real Statistics

Akismet catches hundreds of spam comments a day here on SheepTech. It takes serious effort to search for legit comments among them, I would rather spend my time doing something more productive.

What about GASP? First day of installing, 2 spam comments made it through. The following few days, maximum two spam comments a day, but just once or twice they were published before my eyes. The rest (which also rarely exceed one) were held for moderation.

In fact, there is totally no spam comments on SheepTech for the past two days!

In short:

• Akismet: Search for legit comments among hundreds or thousands of spam comments everyday
• GASP: Moderate/check one or two (or none!) spam comments occasionally among the not-so-overwhelming legit comments

It says a lot to reduce thousands of spam comments to just a few.

GASP is Not Foolproof Though

As mentioned above, GASP is not totally foolproof. Very few spam comments still manage to bypass GASP and got themselves published.

This is however totally manageable. Since the first day GASP is activated on this blog, I have added quite a number of keywords to the comment blacklist. Most of the spam comments have common characteristics, so it’s really effective.

Keywords can be added to the blacklist at Settings > Discussions.

Akismet or GASP?

I have absolutely no regrets after deactivating Akismet for GASP. It’s your call though. I would put the situation like this:

Akismet is your elite army, a team of killing machines defending your castle against your enemies. With the advanced weapon they are equipped with, the enemies stand no chance against them.

They however are too arrogant. They would kill anyone on the battlefield, including civilians. Of course, they will not take your orders. You as the king would have to go out yourself, search among the injured armies for civilians and try to rescue them.

GASP? The enemies don’t even know where your castle is, let alone attack it. You can live peacefully, but only until the day the enemy’s intelligence found your castle (if the spammers can break CAPTCHAs, it’s only a matter of time till they have a workaround for GASP, I guess).

[GASP on WordPress Plugin Directory >>]

©2011 SheepTech

GASP vs. Akismet; Why GASP wins?

Some phishing sites might also use domain similar to popular social networking sites, faceb0ok.com for example. So does that mean if the domain is exactly the same as popular sites like facebook.com or youtube.com, you are safe?

If you ask that a day or two before, I would say yes. But not after I received the following spam link on Windows Live Messenger:

Facebook.com, that should be safe. But wait a second, examine the URL more carefully before you let your guards off. The spammer is exploiting Facebook’s outgoing link redirection to gain user’s trust.

What happens when you visit the link? You’ll be greeted by Facebook’s “Please be careful” message, which probably no one reads or care.

Seeing Facebook’s logo and ignoring the little words Facebook put up to warn users, the victim would have a false sense of security and proceed with the charming blue “Continue” button.

You will then be redirected to just any URL that follows behind http://www.facebook.com/l.php?u=. (e.g. http://www.facebook.com/l.php?u=www.sheeptech.com for SheepTech)

The rest were history.

Do notify your friends and family, especially the not so tech-savvy ones, to beware of this new tactic.

©2011 SheepTech

Spammer Exploiting Facebook Outgoing Link Redirection

With Less Spam, Please, a Firefox add-on, you can generate a temporary email address right within the browser itself. Simply right-click on an email field and click on “Insert a temporary mail address“, a random email address capable of receiving emails will be generated.

Right-click again and select “Open the temporary email mailbox for this site” and you can check your mail. The generated email address for any given website will always remain the same.

After installing the add-on, you are required to first select a mail prefix before anything would work. On the same options panel, you can also select your preferred disposable email provider (YopMail, Humaility, Mailinator or trash-mail.com).

At the time of writing, this add-on is compatible with Firefox 3.6 – 4.0b6.

©2011 SheepTech

Less Spam, Please – Firefox Addon to Generate Temporary Email

Disposable email address is one of the best way to prevent your email address being spammed. As its name suggest, a disposable email address is one type of email address that you only use for temporary. You create it within seconds, read the emails sent to the address, and later the email address will be deleted. Below is the list of disposable email address provider that works great:

1. Mailinator (Highly Recommended)

Mailinator requires no registration at all. Just send anything directly to <something>@mailinator.com and you can check the inbox immediately via Mailinator’s website or even RSS. Because of this, you and another user might be sharing the same email address if you both happens to choose the same address. And because of this, the inbox is completely public and just anyone can have access to it.

It is good if you need a quick email address for general purpose, but I would not recommend if you will be using it for handling sensitive information. As mentioned, just anyone can read your email there, provided they know your Mailinator email address.

2.Guerrilla Mail

A random email address will be generated (example: logeuoua@guerrillamail.biz) with just a click at Guerrilla Mail. You will then be redirected automatically to the inbox, which will last for only 15 minutes before the email address will be deleted. However, you can always request for another 15 minutes if you have not done using it yet.

As you can only use Guerrilla Mail for a certain time frame, it is only recommended for one-time-usage. For example, you are forced to join a mailing list before you can download an e-book, you can use Guerrilla Mail.

3. 10 Minute Mail

It works exactly like Guerrilla Mail. Just that 10 Minute Mail (I know it should be 10 minutes, but who cares) is offering just 10 minutes instead of 15 minutes. But again, you can always request for another 10 minutes if you are not done with your stuff.

4. Spaml

There is no need to click anything in order to generate a temporary email address. Once you visit Spaml, a random email address (e.g. j3cjaphxaq@spaml.com) will be generated immediately and being copied to your clipboard.

So basically you only need to visit Spaml, paste the email address to wherever you want it to be submitted, and return to Spaml to check your inbox. You can even customize the email address to your liking (e.g sheeptech@spaml.com).

5. Jetable

Jetable is not a temporary email address provider. But instead, it will generated a random email address that will forward all emails that are sent to that address to your actual email address. Something like a middleman.

You can choose how long the email address will last, one hour, one day, one week, or one month. Once the email address is expired, it will stop forwarding emails to your primary address.

……………

There are still many more temporary or disposable email address provider out there. But most of them basically works the same. It is essential to protect your primary email address as you just couldn’t imagine how terrible spams are—especially when you are with an email provider with an inefficient spam filter.

©2011 SheepTech

Prevent Email Spams By Using Temporary/Disposable Email Address