PhotoDude.com

The de.com blocking isn’t necessarily the fault of MT-Blacklist. It’s the fault of the strings that Ben Hammersley has chosen to block with the blacklist. My blacklist doesn’t contain any entries that would block photodude.com

Many people have overly-aggressive blacklists, blocking all .info domains or any comment that mentions texas because those are common spam strings, but I’d imagine that his blocking of *de.com was inadvertent.

Actually TypeKey is pretty easy to implement should you have done a fresh install of Movable Type. The code is all there in the templates, and the options panel in MT controls it.

Back-porting it to existing templates from an earlier release of MT is another matter and probably something that needs to be improved, however.

It’s probably worth noting that I don’t have MT-Blacklist running at all, thanks to requiring TypeKey, and I have zero comment spam. If that’s not an acceptable option, then the question becomes balancing between how much effort you’re willing to put in, how many false positives you’re willing to accept, and how many spam comments you’re willing to let get through so that you have to manage them.

It is inarguably far too difficult to enable TypeKey, especially if you’re not doing so on a clean install of Movable Type. We’re in the process of updating both our documentation and our websites, but I won’t argue at all that this part of our user experience is just not good enough. Let’s check back on that in a few weeks, but I think the short version of it is that any company that’s satisfied with their web presence probably just doesn’t get the web.

I just googled “movable type typekey comments” and got Elise’s TypeKey enabling tutorial. If you were a paying user of Movable Type, our (awesome) support team would answer your help ticket and either give you the information you need directly, usually within a few hours, or point you to the Knowledge Base article explaining exactly how to enable TypeKey for either an existing or new MT installations. (Link requires a login to a TypeKey account with a paid MT license.)

So, if you were a regular user, you’d go to the software company you paid for your license from, log in to your account, and file a help ticket. I think our users who pay for support have a pretty good experience, and we’re definitely going to do a lot to improve the experience for people who are using the free version.

I know it’s fun and/or fashionable to give us grief about MT but I can’t help but think that part of the reason people linked to your post is not because they wanted to give useful feedback, as you’ve done with this post, but because they like to pile on in classic blogosphere fashion. We’re listening to all the helpful feedback, and I’m hoping that people stay focused on information that helps us all combat this problem.

Hey, the HTML in my links was filtered out! (I don’t read directions well.) I’d linked to the TypeKey tutorials, and knowledge base articles mentioned above.

I continue to hear a lot of individual anecdotal evidence … “this works for me” ... “it’s not the blacklist itself, it’s the string.” All I have to go on is what I personally see, and what I read. Most of the techniques I’ve seen offered, I can give you individual anecdotal evidence where it didn’t work. There is obviously a lot of variance, and it’s hard to put your finger on the variables. Page Rank of the site? Number of letters in the domain name? Who knows?

Anil, I think we had a case of passing elections, as I was replying to a comment of yours elsewhere on this topic, while you were pecking away here. I see you acknowledge the lack in Typekey documentation, and it’s in the works, but any “bump” it could be given would be a Good Thing right now.

I can’t decode the motivations of each person who has linked to that article, but I can tell you it was a couple dozen sites in less than 48 hours. I think you have to accept that more than half of them had pure motivations, i.e., they see or are experiencing the problem.

I didn’t mean for this to turn into an MT Bash, as I thought we filled our annual quota for that long ago. I just see multiple sizable web hosts responding to this problem in the only way they currently can, and it’s not a pretty solution. I made a point of saying that you can’t place all the blame on Six Apart, and I don’t think we can rely on them to provide 100% of the solution. It goes beyond MT.

Each blog app can and should provide whatever solutions they can, but that’s a multiple front war. That’s why I’m in favor of an effort to deal with it at server level, regardless of what app is being used.

I like the way Russell Beattie handles his comments, but it may be too labor intensive – basically, past-comment-whitelisting (not sure if it is just on name/email/url or also on posting-IP) which keeps the “flow” of regular posters up, without slowing down casual ones – you at least get “n comments pending moderation” indications. If I get around to adding comments to my own tools it’ll probably also add “delay-listing” of urls that are actually in comments – ie. the blogger has to click on them to “approve” them, otherwise they only appear as text – on top of straight moderator-listing.

(I haven’t figured out a way to programmatically take advantage of trackforward, though it does help with “human” authentication of posts. Also, I’ll add my vote as someone who notices typekey, and if that (or worse, MSPassport) is the only way in, will just find someplace else to comment – I already have too many bad passwords to worry about…)

I have to agree with Reid’s earlier comments about TypeKey being a barrier. It is a barrier for me and I know I am not alone. I am a geek and a nerd. I am confident I could find my way through the TypeKey maze and exit with whatever you get for cheese at the end. But, why? No, really, why jump through another set of flaming hoops so that some other faceless organization out in the ether can know more about me than I care to divulge. Why should I commit yet another set of data on file somewhere to keep track of? I have enough accounts to bother with and be worried about as it is. Enough is way too enough. I am known, for good or bad, in the circles that I choose to follow and play in. And even if it were not, so what? The Libertarian in me just cannot deal with asking for permission to express my opinion.

“No, really, why jump through another set of flaming hoops so that some other faceless organization out in the ether can know more about me than I care to divulge.”

I won’t argue with your point, but I will argue that we’re faceless. If you’d like, call me +1 650 571 1709×211 any time and I’d be glad to talk to you about it, and about how TypeKey is a good solution for many of these issues, and for many people.

After I renamed ‘comments.cgi’ to something else (and updated 5 template pages to point to that new script) I haven’t had any commentspam anymore…

Slightly a side issue, but it’s worth noting: I’ve been publicly critical before about Six Apart’s documentation, and indeed MT itself, not being ‘for the rest of us.’ In every case, Anil’s followed up, as here, with an open and frank comment, and even invited further dialogue. This is, I think, wholly commendable.

Some aspects of MT require improvement, and for the most part one must take it on trust that Six Apart are slaving away for all our sakes’. Anil taking criticism on the chin helps me, for one, maintain the faith.

...and now I sound like a rabid fanboy. Darn. :-/

Hey all, as I was reading some of your comments, something occurred to me. The question I have for you is this: Do you not like TypeKey or the way it is currently implemented?

The reason I ask is that I personally don’t like TypeKey today and only use it as an option on my site. If someone logs in through TypeKey, they get past all of my MT-Blacklist checks, which is kind of cool.

Still, I don’t think I would go straight TypeKey today unless I was forced to (as I suggested some do in my post on movabletype.org). However, I’m not opposed to the idea of TypeKey if in fact the process were seamless.

So if the answer you give is “I don’t like the way it’s implemented”, I would love to hear your suggestions for changing it to make it better suited to your needs. That’s really all we’re interested in doing anyhow when we go into the office every day.

I think TypeKey is a great way to get rid of all the spam, I don’t see why not use it.