ICANN Screwup of the Day

Posted in Technology by Thomas Themel on June 26, 2006.

While dealing with comment spam, I happened across the bizarre phenomenon of domain tasting. When I encountered domain names that looked like obvious throwaway registrations, I just figured that the cost of domain registration had fallen so low that even a single spam campaign could pay for the domain registration. I was very right – in fact, registering a domain for a spam run is free!

Here’s how it works: ICANN allows/forces a five day grace period for new domain registrations in which the registration may be cancelled with a full refund. So, it’s basically free to get a domain name for only five days, and nowadays an estimated 99% of domain name registrations are cancelled within that period. Hilarious.

Until now, only .org registrar PIR seems to have a problem with this and has written to ICANN asking for a fix. That was approximately three months ago, and there’s no response to be found. It appears that Bob Parsons complained about this as early as 2004.

To complicate matters, it appears that there are at least four business models currently exploiting this loophole:

  • Spam runs – apparently, it takes a refunded domain up to three weeks to disappear from DNS, which is more than enough for your usual email-based advertising spam.
  • “Real” domain tasting – registering a million domains, seeding all of them with your typical link/pr0n/fake search engine feeder site, then returning (and perhaps subsequently re-registering) the 99.5% that don’t make you any money.
  • Whois snatching – when a registrant decides to use certain registrars to see if a domain is still free, they immediately register it for themselves. Through the grace period, the registrar can then see whether the domain makes them money without content, and if not, resell to the customer.
  • Dropcatching – just try to register any domains that currently expire and try to make money off residual traffic or recycle preexisting pagerank to boost link credibility.

These are of varying (yet generally rather shaky) legitimacy, but I’m thinking that the Internet as a whole would be better off without this grace period. Of course, the root cause of all this is the idiots who actually click through all these spam sites, just as the root cause of email spam is the idiots who actually buy spamvertised goods, but I’m pretty sure we won’t be able to get rid of those any time soon.

A Sixth Sense for a Wired World

Posted in Link Spam, Technology by Thomas Themel on June 20, 2006.

Yes, they’re freaks – Wired News: A Sixth Sense for a Wired World:

What if, seconds before your laptop began stalling, you could feel the hard drive spin up under the load? Or you could tell if an electrical cord was live before you touched it? For the few people who have rare earth magnets implanted in their fingers, these are among the reported effects — a finger that feels electromagnetic fields along with the normal sense of touch.

Before: Kevin Warwick, who appears significantly less crazy when compared with these guys.

Comment Spam Reduction

Posted in Technology by Thomas Themel on June 17, 2006.

Since I moved this site to WordPress, I have had the opportunity to enjoy comment spam. WordPress’s defaults are very sensible (allow comments from users who already have one comment, moderate all others), but I have yet to figure out what the difference between simply deleting a comment and marking it as spam is. Whatever WordPress does with spam, it sure doesn’t include the idea that a URL that has been in 25 spam comments might also indicate spam if it is posted again.

One of the things I’ve noticed in my server logs is that the current generation of spam bots isn’t very intelligent. For example, the following simple referrer check would have caught one hundred percent of the comment spam I’ve received until now:

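        # Mark requests whose Referer points at one of this blog's post pages.
        SetEnvIfNoCase Referer "^http://weblog\.themel\.com/\?p" plausible_ref=1
        <Location /wp-comments-post.php>
                # Order Allow,Deny denies by default; only marked requests pass.
                Order Allow,Deny
                Allow from env=plausible_ref
        </Location>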

It’s in place now. Let the arms race continue.

Also, there’s a confusing multitude of spam filtering plugins for WordPress out there, but a cursory look didn’t reveal any that I found particularly suitable. Making humans jump through hoops (captcha, registration) is not an option – something of SpamAssassin’s usefulness would be adorable. Any advice from my fellow bloggers?

Edit: Alas, it appears that this solution is too simple to work. It just ate the first legitimate comment, written from software that sends slightly incorrect Referer: info. Sorry.
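
A dry run of the Referer rule above over access-log lines, as an added example that is not part of the original post: it applies the same pattern to requests for /wp-comments-post.php and reports which ones the rule would have denied. The log lines (including the near-miss Referer) are constructed, and the Apache "combined" log format is an assumption.

```python
import re

# Same pattern and case-insensitivity as the SetEnvIfNoCase directive above.
PLAUSIBLE_REF = re.compile(r"^http://weblog\.themel\.com/\?p", re.IGNORECASE)
PROTECTED_PATH = "/wp-comments-post.php"

# Apache "combined" log format (assumed): request, status, size, referer, agent.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Jun/2006:10:00:01 +0200] "POST /wp-comments-post.php HTTP/1.1" 302 5 "http://weblog.themel.com/?p=42" "Mozilla/5.0"
198.51.100.7 - - [17/Jun/2006:10:00:05 +0200] "POST /wp-comments-post.php HTTP/1.0" 302 5 "-" "libwww-perl/5.805"
198.51.100.8 - - [17/Jun/2006:10:00:09 +0200] "POST /wp-comments-post.php HTTP/1.0" 302 5 "http://spam.example/" "Mozilla/4.0"
192.0.2.11 - - [17/Jun/2006:10:01:00 +0200] "POST /wp-comments-post.php HTTP/1.1" 302 5 "HTTP://Weblog.Themel.com/?p=42" "Mozilla/5.0"
192.0.2.12 - - [17/Jun/2006:10:02:00 +0200] "POST /wp-comments-post.php HTTP/1.1" 302 5 "http://weblog.themel.com/index.php?p=42" "Opera/9.0"
192.0.2.13 - - [17/Jun/2006:10:03:00 +0200] "GET /?p=42 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

def would_allow(referer):
    """True if the rule would set plausible_ref for this Referer value."""
    # A missing Referer is passed in as "" and never matches the pattern.
    return bool(PLAUSIBLE_REF.search(referer))

def dry_run(log_text):
    """Return (allowed, denied) lists of (ip, referer) for the protected path."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["path"].split("?", 1)[0] != PROTECTED_PATH:
            continue  # the <Location> block only covers the comment endpoint
        referer = "" if m["referer"] == "-" else m["referer"]
        (allowed if would_allow(referer) else denied).append((m["ip"], referer))
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = dry_run(SAMPLE_LOG)
    print(f"allowed: {len(allowed)}, denied: {len(denied)}")
    for ip, referer in denied:
        print(f"  would deny {ip} referer={referer or '(none)'}")
```

Run against existing logs before the Deny goes live, a report like this surfaces same-site Referers that miss the pattern (the last denied entry here) without losing a real comment.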

Chinese Food Blogging

Posted in Link Spam by Thomas Themel on June 15, 2006.

While visiting China was a grand experience food-wise, I didn’t delve into the weirder aspects of local gourmet food. Thus, I missed both the penis and testicle and the breast milk specialties. My regret at this can not be accurately expressed in mere words.

I expect that the next time I go, I will be able to order my 火锅 with human blood instead of ordinary pork blood.

You Don’t Want to Use RPM

Posted in Technology by Thomas Themel on June 13, 2006.

This bug report has some fine interaction between a user whose database was corrupted by RPM and the RPM developer. It even sparked some (lame) fan fiction on the hopeless K5, which is how I came across it.

Huh?

Posted in Memorable Quote by Thomas Themel on June 11, 2006.

Sorry, only more politics. Guantanamo commander on prisoner suicides:

Rear Adm Harris said he did not believe the men had killed themselves out of despair.

“They are smart. They are creative, they are committed,” he said.

“They have no regard for life, either ours or their own. I believe this was not an act of desperation, but an act of asymmetrical warfare waged against us.”

What? I’m rather reluctant to start crying “fascist”, but this just sounds like a slightly skewed world view right there. Next thing you know, we’ll be worrying about the ragheads putting fluorine into the drinking water, thus corrupting our precious bodily fluids. For a neat geometric interpretation of how such craziness might work, see the excellent David Brin: Altruistic Horizons.

Get Your Slice of the Homeland Security Pie!

Posted in Link Spam, Technology by Thomas Themel on June 1, 2006.

Proposal to establish a European Institute for Mathematical Methods in Counterterrorism, possibly in Vienna:

We propose the creation of a European Institute for Mathematical Methods in Counterterrorism (IMMC), to be based in Austria. Such an Institute would require minimal investment but could serve as a catalyst to draw several million euros in research grants and contracts to Austria. This influx of funding would benefit not merely scientists and firms working in Homeland Security, but other aspects of Austrian science as well.

Bugmenot works. My take? Not going to happen. First, the homeland security pie is probably largely in the hands of USians with political connections. Second – investment in university research? Sure.