All that is good, but introduces another problem: If a spammer knows a filter or a subset of it, it is trivial to write a generator for spam based on the filter.
All that is being shared with the MT blacklist and the custom filters is regexes for domains. Spammers are spamming to promote web sites that sell something/make them money. Yes, they can alias a million domains to one site, so blocking one, and telling them how we block it means they move on to another. Sub-domains are free. But if they keep changing the url they are spamming, it screws their chances of getting a good google rating for it. They are then competing against every surviving post for their old domain. And their competitors. And legitimate sites of interest... If we use a /closed/ domain regex blacklist, then when they swap url each web of trust has to update individualy, and as pointed out, spammers will get onto lots of webs of trust. They'll blacklist their competitors (which actualy works to our advantage ;-)) to boost their chances of success. And work round the filters. If each WOT has to update itself on it's own, it'll take longer to cleanse the net of a new spam url. With a public system like the MT blacklist, one webmaster notices, updates his core site (if it's drupal powered that pushes out to all sites under his control, plus the sites of his friends and colleagues, which push out to...) and notifies the master list. Other sites read the updates regularly and then blacklist it themselves. It's a fast way of rushing a block to everywhere. Speed is the key with this, not privacy. If spammers learn that when they spam a new url, a baysian filter will pick up their spam message, generate a regex, notify a core, which will notify all other sites, which will then block it for the future, and remove it in the past... then url spamming this kind will eventualy die. Pipe dream? Yes, it's a war and the spammers are as resourceful and organised as the CMS/Blog engine developers. They'll find a new way to spam. But with a bit of luck, it won't involve comment/http-referer attacks. Cheers, Mike -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ .