To the right you will notice a series of monsters.

They all have something in common.

Can you guess what it is?

They represent the various email addresses that I've used on a regular basis over the last decade using a new authentication / anti-spoofing technique called MonsterID that has been implemented in a number of programming languages to make it easy to adopt.

The idea is pretty simple.

If you're presented with a login form and you know what certain input should generate graphically then it's hard for a fake site to spoof that input (for instance you enter your userid and as well as your password you then have to select the correct critter from a page of randomly generated ones. Obviously to make a site secure the seeding and images would have to be unique to that site to avoid simple spoofing from the common set of images.

The system can also be used to automatically generate cute alternative icons for a system such as Gravatar. In that case a common consistent set of images would be handy to help you recognize "friends" across different networks.

It looks like the latter form of MonsterID may well make it into my new blog platform of choice which will certainly liven the themes up a little.

The folks behind BlogEngine.net are certainly taking securing the platform against robot form fillers, comment and trackback spammers quite seriously and if MonsterIDs somehow add another level of protection I'll be glad to see them make an appearance in an upcoming release ;)

I'm not a fan of comment spam, and I hate splogs even more as they waste time when I'm searching for things so I was amused to see that through a lack of housekeeping Google are actually responsible for a lot of their own problems with cruft in search results.

A recent report details how researchers discovered splogs to be prevalent on Googles own Blogger service!

Luckily tools and techniques are slowly evolving to help fight the problem by tracking the spam back to the sites and advertisers who are benefiting and producing evidence to act against the perpetrators. Microsoft's Strider Search Ranger project has published some guidelines on what to do if you're a webhost or a blogger or just a concerned user to help fight the tide.

If you've ever posted a comment on a blog, signed up to a forum or submitted a URL to a search engine then you've probably encountered a CAPTCHA. One of those hard to read tests to try and prove that you're a human not an evil bot.

Sadly most of those are equally difficult for real people. The number of times I get it wrong because I can't work out if it's a "5" or an "S" or and "l" or a "1" or even read the darn thing because there's so much noise in the background picture.

Some alternatives have cropped up using types of image that a human can differentiate (men and women, cats and dogs, cheese and crackers) but most of those have a limited supply of images so it's a simple job to spend a couple of hours, map the images and break the protection.

Asirra solves the problem by accessing a large database of images that's constantly changing. Sadly the image source is puppies and kittens that are up for adoption. But as well as displaying the images to use as a security mechanism every image has an "adopt me" link underneath which links through to PetFinder to help you connect with the animal that catches your eye.

At the moment this services only features pets from the US, but it can be used to secure a page anywhere on the interweb. Hopefully in the future the service will be localized based on where the visitor is from so the pets come from a relevant source, but it's a great start.

I deleted almost 5000 comment spam tonight, the first sweep I've done since Christmas. Ironically a large number of them were posted as comments in my previous rant on the subject!

Those 5000 comments never saw the light of day because the spam filters I have in place on the blog are pretty good. So far I don't think I've seen a single false positive (which is reassuring). The engine isn't 100% accurate though. Since Christmas I've seen one spam post get published (but taken down about half an hour later) and I do get about 3 a day that are flagged as possible spam and held for review rather than published.

I wish CommunityServer would introduce a human test. I'm not a huge fan of CAPTCHAs because they are sometimes a pain to read and work with, but something simple (eg show 3 images and the user has to click on the kitten or the dog or the elephant to proceed) to make life harder for the robots.

Problem with the spammers is they eat into my bandwidth allowance, and they waste my time. I'm never going to link to their crap and I assume most of my readers would be smart enough not to buy from them. By default links in comments are rel="nofollow" so they don't even get a Google PageRank benefit.

I'm sure eventually they'll stop, but until then I think everyone should make a point of educating at least one friend why buying from spammers isn't a good thing (and ask them to pass the message on)

I used to be a very happy Optus Mobile customer. We had a couple of mobile phones on a business account, and the landline was also with them. They had some good broadband plans as well and it almost made sense to bundle them.

But then the cold calling started. Drones who, though they were trying hard, really didn't understand much English outside their script; Enthusiastic Aussies who really thought they had the right product for me; and stone-walling supervisors who couldn't understand why I was upset about having maybe 8 calls in a week both during the work day and sometimes quite late into the evening.

I explained to the supervisors that repeated calls would do nothing but alienate me. They promised to update my records to have calls blocked.

I went into my local store and explained how annoyed I was with this continued harassment - while they had some sympathy there was nothing they could do, although they did connect me to their marketing administration people.

I patiently explained the problem, gave lots of details of my account and the numbers they were calling and they promised to opt us out.

I returned every bit of junk mail they sent with various "Please don't send junk mail" and "Not known at this address" messages.

Eventually the mail stopped, and the phone calls (after going through the above steps with the marketing admin people three times in total) also seemed to stop.

Then yesterday they could contain themselves no longer. Two calls from enthusiastic reps wanting to offer to tie me into a 24 month contract as a reward for being such a good client.

Turns out spammers aren't the only idiots. Optus telemarketing have finally driven me to action. If I wasn't going away for a couple of days I'd already have canceled our entire account. As it is their days are numbered. All because their CRM was too stupid (or too arrogant) to realise that when I said "don't call" I actually meant it!

Currently listening to: Red Snapper Image of You

I had to give up on my previous blog solution because the comment spam was getting out of control and it was hard to manage. That led me to Community Server which has a better approach to spam control.

That now means that with the basic out-of-the-box facilities and a couple of excellent add-ons [6 rules and Akismet] I've not had a single spam comment get published, and almost no collateral damage.

But, even though the spam comments are not getting published they keep on coming. Today alone I've had to make about 80 entries for one site go away. What's even stupider is that the site isn't currently promoting viagra, breast enlargements or unlimited free porn.... it's spruiking badly worded investment tips in (in some cases) companies who don't even match the claimed stock ticker!

Makes me wonder why they bother! They're getting no benefit from their efforts and I could certainly do without the time wasting while I hit delete on their quarantined rubbish.

They keep trying to fill my mailbox up as well. Luckily a combination of SpamCop.net and Outlooks junk filters means that it's very rare that I actually see anything that's too time wasting. And I feel good because I report almost every one of the spam emails I get via SpamCop. For good measure I also install the Project Honeypot spambot catcher on pretty much any site I work on.

Currently listening to: Driftkikker What