De-Spamming WordPress Comments

Update: patch now available for WordPress 2.x

Over the last week, I have had a few attempts to post spam comments against Smiffy's Place articles: all links to gambling sites. For those in countries where the ISPs might be obliging, I have filed abuse reports. Now that they are coming from Africa and Russia, I have decided to take alternative measures.

All comments on Smiffy's Place posts must be accompanied by a valid e-mail address (set under Options/Discussion); however, the WordPress function is_email() works on fairly loose constraints; an address such as foo@bar.baz appears to be a valid form. As all of the gambling site spams received have had e-mail addresses at bogus domains, I have applied a simple fix: the is_email() function now does a DNS lookup of the domain. The lookup actually goes for an A record – I don't use an MX record lookup as I would be violating RFC2821.

My hack is available as this patch; please note – the DNS lookup function used is not implemented on Windows platforms; my apologies, but Gates' Army will have to find their own workaround if they want to do this. (Hint: read the checkdnsrr page.)