TrackBack Spam: Abuse and Prevention

Contemporary blogs receive comments and TrackBacks, which result in cross-references between blogs. The authors conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples from a massive spam campaign over a one-year period. Unlike common delivery of email spam, the spammers did not use bots, but took advantage of an official Chinese site as a relay. Based on the analysis of TrackBack misuse found in the wild, the authors propose an authenticated TrackBack mechanism that defends against TrackBack spam even if attackers use a very large number of different source addresses and generate unique URLs for each Track-Back blog.