Update Your Movable Type Spam Filters (Please)

Movable Type version 3.2, released in April of 2007, included a plugin known as SpamLookup. This plugin was able to submit comments to a lookup service (hence the name of the plugin) to one of a number of blacklist services, which in turn would determine if the IP address used for the comment submission is suspicious, allowing you to better judge if you had encountered a spam comment.

However, way back in May of 2007, Six Apart released a guide on updating your spam filters for the plugin. Without the change, your comment-posting process will be horribly slow, because the process has to timeout before it will continue. Also, the default for the other service probably isn’t the best (though that isn’t mentioned). Want to know more? Read on!

While I’m sure there are people who will blame it on Six Apart, it was in fact due to the Blitzed service shutting down. Just removing the entry from your settings will take care of the issue, and this will speed up your comment posting tremendously.

But the default that Six Apart mentions as a replacement – the zen.spamhaus.org service – may not be the best one to use, because it combines all the lists on the www.spamhaus.org service. That in itself sounds like a good idea, but the issue is that it also contains the PBL list. This is a list of dynamic addresses – potentially every dynamic address available. That means that anyone using a dynamic address (which is most home users) won’t be able to comment without being marked as spam!

There used to be a list named sbl-xbl.spamhaus.org, they have sinced discontinued this list. While the list seems to still work, they suggest that you don’t use it and instead use the zen list. My suggestion is that you use the sbl.spamhaus.org and xbl.spamhaus.org lists separately, so that you don’t include those dynamic addresses and exclude potential visitors to your site. Unless that is your goal. In that case, by all means include the zen list. Just be aware of what you are doing.

The other option you have is to use something like Akismet or TypePad AntiSpam, in which case you may want to turn off the lookup function of SpamLookup entirely. You could also use them together.

Just make sure you know what it’s doing, and not wasting cycles that may ultimately scare away your visitors!

Note: Newer versions of SpamLookup (for MT4) do have different defaults, you still need to check the servers being used. On a fresh install, you’ll only have one – bsb.spamlookup.net. But an upgrade won’t get rid of the old ones you had set.