Terence Eden. He has a beard and is smiling.
Theme Switcher:

Sneaky spam in conversational replies to blog posts

· 6 comments · 350 words · Viewed ~3,718 times

I'm grateful that my blog posts attract lots of engaged, funny, and challenging comments. But any popular post also attracts spammers. I use Antispam Bee to automatically eradicate a couple of hundred crappy comments per day.

Graph showing 272 comments blocked in a single day.

Nevertheless, some get through. Here's a particularly pernicious one - it appeared as three comments ostensibly in reply to each other.

First "I read that article about why it’s so hard to passively track friends’ locations, and it actually makes sense. It talks about wanting automatic alerts when friends are nearby, but no app really does it well because of privacy and social awkwardness." Second "Yeah, and even if the tech exists, people don’t always want to share their location 24/7. It’s like checking promos on spam domain promotions you might see potential, but there’s always uncertainty behind it. You’re kind of taking a chance on incomplete info." Third "Exactly. Most location features are opt-in for a reason. Apps require consent because constantly tracking someone without them knowing would feel invasive, even if the intention is harmless."

At first glance these look like normal comments. They each address the content of the blog post albeit somewhat superficially. The first comment looks like it was from a social media post sharing my link - I get a lot of those as pingbacks, so it initially didn't trigger any suspicions from me.

The second is ostensibly a reply to the first and continues the conversation. Again, a bit shallow, but seems to be engaging in good faith.

The third looks like yet another reply. They all have unique email addresses, none of them have set their username to anything overly odd, and none of the users have filled out their URl.

But notice, in the second one, there's a link to a dodgy casino! There's no https:// so it didn't jump out as a link.

All three came from the same IP address in the Philippines, so easy to block for now.

Each reply is spaced exactly 3 minutes apart which, in retrospect, looks a little odd.

Re-reading them carefully, they all look like AI slop. A plausible sounding summary, written in a casual style, but with very little semantic content. Seeing them as replies to each other primed me to think they were genuine because I'm used to spam coming in individual replies. Having the spam in the middle comment made it easy to glaze over.

Remember, there are no technological solutions to social problems. Sticking more and more barriers in the way of commenting only discourages genuine replies while the profit motive incentivises spammers to work around them.

Share this post on…

6 thoughts on “Sneaky spam in conversational replies to blog posts”

  3. @blog the ones in your screenshot are pretty good because they are a bit more conversational. I use SpamPatrol.io myself because generally these types of spam messages will be trying to promote something specific but outside of the second message in your example it might have still snuck through. As the LLMs get better the spam messages will certainly get better.

    Reply

  4. I read this article about sneaky spam in conversational replies and it touches on interesting point. It's like we're getting closer to the reality of xkcd.com/810/ 😉 "Remember, there are no technological solutions to social problems" - I don't know, conventional captchas kind of worked for most websites for a long time?

    Reply

  5. This format is insanely abundant in YouTube comments, at least in certain subjects. You'll see comment 1 "Oh I have this huge problem [tangentially related to video subject], comment 2 "I also had that problem, until I found [website, person]”, comment 3 "Me too!" Etc

    Reddit has had astroturfing and rep farming for a very long time. X is almost completely AI slop. Dead Internet Theory is becoming increasingly real, with the exception of blogs of people who enjoy writing.

    Reply

  6. My working theory is that it's because some anti-spam measures use unblocked comments as a signal that the comment source is legit. So you trickle comments a few at a time to a blog, all innocuous, and then once you think you've built enough reputation, you start posting the actual spam.

    Reply

Trackbacks, Pingbacks, and Boosts

  1. Title: "Conversational Replies to Blog Posts"

    https://shkspr.mobi/blog/2026/04/sneaky-spam-in-conversational-replies-to-blog-posts/

    Anecdotally, I've been getting a lot of these on my blog for what seems like years. My rant about the difficulty in finding a chair I liked, along with that mid-century architecture desk seem to particularly attract a lot of them. That desk chair one in particular, from one particularly persistent bot! (I wonder if it will only stop when I let one of its comments remain, but with the contents blanked?)

    Anyway, this is a very real problem these days...

    Sloppified enshittification and all! 🙄

What are your reckons?

All comments are moderated and may not be published immediately. Your email address will not be published.

See allowed HTML elements: <a href="" title="">
<abbr title="">
<acronym title="">
<b>
<blockquote cite="">
<br>
<cite>
<code>
<del datetime="">
<em>
<i>
<img src="" alt="" title="" srcset="">
<p>
<pre>
<q cite="">
<s>
<strike>
<strong>

To respond on your own website, write a post which contains a link to this post - then enter the URl of your page here. Learn more about WebMentions.