Anatomy of a Spam Comment

The new spam module for WordPress is not as aggressive in marking spam messages as its previous version. So I get to go through and mark a variety of things that are pretty obviously spam as spam.

Well, today a spammer’s script misfired and sent his template for a comment rather than a processed spam comment itself. For the morbidly curious, I’ll quote it here:

{Pretty|Attractive} section of content. I just stumbled upon your {blog|weblog|website|web site|site} and in accession capital to assert that I {acquire|get} {in fact|actually} enjoyed account your blog posts. {Any way|Anyway} {I?ll|I will} be subscribing to your {augment|feeds} and even I achievement you access consistently {rapidly|fast|quickly}.

The obvious way this kind of thing works is that the script gets a list of websites to crawl and look for comment blocks. Then, it should use the template to generate a plaintext message using only on alternative from each of the selections in curly braces. This helps keep the spam detection software off guard, since with even a few alternatives at each of several positions, the permutations can reach an astounding number. In this case, whatever script was supposed to actually select alternatives and emit plaintext obviously failed. Given how broken the grammar is, perhaps one should expect the coding to be of similar quality.