This blog gets a lot of spam. Hardly any of it gets through. Bad Behavior, which detects spam based on its source, catches about 400 posts a day. I never see any of it. Akismet, which detects spam based on its content, catches another 300 a day. I do see that as it occasionally gets false positives, but Akismet has a success rate of well over 99.9%. Most of the comment spam is easily spotable, and I have been posting some of it for your entertainment here so you can see how bad it is.
This morning I was reading a post by the author of Bad Behavior talking about his plans for future development. This comment stood out for me:
As of now, Bad Behavior is shockingly effective, as one user said, at blocking automated spam and other malicious activity. However, that doesn’t catch all possible spam. There’s one important class of automated spam I would like to catch but cannot right now: that is delivered from hijacked Web browsers. This accounts for virtually all of the spam that Bad Behavior currently misses.
So, all of that spam that Akismet is catching, most of that is being delivered by malware installed in web browsers. And I’m guessing that that spam I get is coming from the browsers of people who read this blog. That means you, dear readers. Probably only one or two of you. But somewhere out there a few folks are unwittingly sending a lot of spam my way, and to other blogs they read.
Please install some security software, folks. If you are on Windows, Microsoft Security Essentials is free and does a decent job.