Nofollow and the Spam War Arms Race

Recent events have caused me to rethink the use of the nofollow attribute on my blog comment links. Much has already been written about whether or not to use the nofollow attribute, so I won’t re-hash those arguments here. Personally, I had come down on the side of believing that nofollow did little to stop spam. Besides, commenters add value to my sites and it’s appropriate to reward them with a link. So I’ve been running one of the DoFollow plugins for WordPress to override the default nofollow behavior.

Then the spam flood came that most of us have seen by now. These spam comments are harder to detect because they seem to be written by a human and customized to somewhat fit the post content. You can often tell only by the URL they promote and the awkward wording of the comment that shows they don’t truly grasp the topic. More of them are slipping through the trusty spam-fighting superheroes: Akismet, Bad Behavior, and Spam Karma.

A little research showed that my URLs were ending up on lists of dofollow blogs on sites made just for the purpose of gaming Google’s Pagerank. (I won’t link to them and give them publicity.) The lists are all neatly sorted into groups with the highest Pagerank sites at the top.

And then today, I found comments with a referrer from a site that sells a script to help you find blogs without nofollow. I was tempted to buy it to see how it worked so I could block it, but I just couldn’t stand the idea of giving them any money. (It’s, which I also will not link to.) What really irks me is that they refer to this as white-hat link building to make it sound palatable to the average Joe! (Oh joy, here’s another one:

I still believe that using nofollow fails to stop spam, however, I am now convinced that:

  1. Turning off nofollow can be a spammer magnet.
  2. Some sites are promoting dofollow to increase the number of sites available to abuse.
  3. Some sites are promoting displaying a dofollow graphic on your site only to make it easier for them to find you.
  4. Not using nofollow may effect Google search results ranking. It may be coincidence, but I had a site that by every statistic should have ranked #1 for certain keywords, yet it remained at the #3 position for many months. The site leapt past the competition to #1 within a month of turning nofollow back on. I can’t prove a correlation, but further study is certainly warranted.

Well, I’m still not ready to give up. So what can we do about? Here are a few possibilities:

  1. When you run across sites like this, report to Google through their webmaster tools.
  2. WordPress users should flag these comments as spam in Akismet. If we all work together, we can make a dent in the sources.
  3. Use a dofollow plugin with advanced features, like the one I mentioned above.
  4. It may be possible to block some of these with some .htaccess rules looking for referrers including “nofollow” or “dofollow”. Be careful, though, as it’s easy to block legitimate traffic or yourself with this, e.g., I had to quit blocking those so Google searches for this post would get through. 🙂
  5. Don’t display the little graphics announcing that you dofollow unless you rename the files so they’re not so easy to find with a Google search.

Anyone have any more ideas or know anything about the scripts being used to abuse our blogs?

16 thoughts on “Nofollow and the Spam War Arms Race”

  1. Very interesting read indeed. You raise some interesting points that I never thought about when enabling the DoFollow plugin on my own site. I think it may be time to review the use of DoFollow.

    What about the idea of turning DoFollow off or using NoFollow and instead, using a plugin such as CommentLuv which shows the commenter’s last blog post. Then again, this probably wouldn’t reward the commenter as the google spiders wouldn’t follow the link to their post. Hmmm

  2. I hadn’t heard of CommentLuv. That’s an interesting idea.

    Right now I’m running a Dofollow plugin that allows not turning off nofollow for pingbacks and trackbacks. That helps a little. It also adds a delay you define for how many days a comment must age before removing nofollow. That helps make instant checking a bit harder.

  3. Interesting article indeed. There is one simple thing that you can do about comment spam, though: make it mandatory for a commenter to have at least one approved comment before his/her comment is auto-approved. Spammers never get this status, so they always end up in moderation, and you only have to check real commenters once.

    Of course, that’ll stop working once the spammers get one “real” comment past you. In that case the nofollow-case-by-case might help out.

  4. @Max R, Good advice. I wouldn’t even consider running a blog without doing as you suggest.

    BTW, I have noticed some commenters trying very hard to get that first comment approved — even submitting it without a URL. I assume that is an attempt to get in the door for future abuse.

  5. If you notice that many of your posts that are older than one month are attracting spam bots, login to your admin panel and browse to the plugins tab, then click on Akismet configuration. Check mark the box that describes the option to automatically discard spam comments on entries more than a month old and click the save button. This has really cleaned up my Akismet spam filter.

    This is the tip I gave on WordPress Weekly Episode 6

  6. @Jeffro2pt0, That’s an excellent suggestion. Most of the comment spam I see does seem to be on older posts. I believe that is an intentional attempt to slip comments in without being noticed.

    Unfortunately, some of the comments in this last flood of spam have been written well enough to slip past Akismet altogether. But Akismet is learning and improving.

  7. Guys,

    How can you tell a genuine comment from someone who has gone to the trouble of finding your blog via let’s say a Google search, and someone who simply used one of those software’s to find your blog and make a post of equal quality?

    Taking the problem of blog spam into all consideration, it seems that you could be punishing real bloggers too.

    Would love to hear your comments on that.


  8. @Stewart, That is the dilemma in all of this. Sometimes it’s really hard to tell and I agonize over those. But there are other times when it’s obvious by the writing or the URL. For example, linking to a get rich on the Internet site is a big red flag. 🙂

  9. Great article! This is a tricky topic. Bloggers are faced with a decision as to what they should allow, dofollow or nofollow. The reasons behind both are obvious and we all know them. In a perfect world you could moderate every comment and apply the dofollow as you see fit. Unfortunately most of us have full time jobs and can’t sit in front of the computer waiting for blog comments. As far as the custom searches go, there are an endless amount of sites and people who have created these tools for anyone to use. Now, these tools do eliminate much of the work for spammers but they also allow people who are white-hat to quickly find blogs that are related to their niche’ that are dofollow so that they can post coherent comments that actually provide some additional insight to the conversation (unlike the spam programs). All I can say is good luck with what ever path you decide to travel, your blog is good enough to attract readers and entice comments on its own….

  10. I agree with you enable Dofollow is a spam magnet. But you will also get many visitors too.

    So my experience to fight spam is:
    – Use Akismet(i think are you using this plugin too) and proactively flag spam so the url once flag will more likely block by Akismet.
    – Another thing is always moderate comments.
    – Let visitors know you are will flag their url as spam if they do spam use. ( they may scare their domain being black list then it will harder for them to spam later) Hopefully they will move on.


  11. @ Doug – CommentLuv is pretty cool. BUT, the newest plugin out that is awesome is keywordLuv. Basically it allows the user to use their keywords as their name. Finished result look like so “Annie from Sevierville Real Estate says…… So it still uses the users name but uses the keywords as the anchor. Using this in conjunction with the commentluv really sparks up the comments. Check it out..


  12. @Annie Maloney I don’t really see a need to have a keyword field because if people really wanted to they could just leave the keyword(s) in the name field. As a blog owner I actually prefer them not using keywords because in my opinion it looks spammy to use keywords in the name (even if it says John from whatever), and it just makes it blatant that they are commenting only to get links. Just my 2 cents…

  13. I run a web hosting blog and I was faced with the same problem once I enabled do-follow. Let the flood gates open! Basically what I do is manually read each comment and make sure its legit before I pass it onto my blog. I was hoping it would inspire more peeps to comment on my blog but really it just inspired more spam bots to lol

Leave a Reply