It seemed to take a while for bots to recognize that I was running Movable Type, because I was mostly spam free for a couple of weeks. When I finally started to get comment spam, it was at a rate of about one every four or five days. That lasted up until about last week, when I got my first runs of half a dozen or so spams at once. Expecting repeat performances, I spent some time upgrading to MT 3.11 and installing Jay Allen's award-winning spam-busting plugin, MT-Blacklist, the newest version of which is available for MT 3.11 in the plugin pack distributed by Six Apart. After installation, I didn't see any comment spam on my site or in my inbox for two days, so I figured if another six messages were posted again in that time, they were properly blocked. It could also be that no comments were posted since I upgraded, which seemed equally likely. Either way, I was reasonably pleased.

The following evening, I got email from my blog saying a newly posted comment was postponed for my review because it was suspected of being spam, due to the fact that it was posted to a very old entry. I reviewed it, and sure enough, it was, so I told MT-Blacklist to block it and other similar comments in the future. Blacklist promised it was deleting it in the background and everything was taken care of. After a few minutes, however, I noticed that not only the comment wasn't deleted or postponed for moderation, but it was on my site. This damn thing doesn't work! I shouted. So I started poking around.

When I got to the activity log, I forgave MT-Blacklist for this little transgression. In the 24 hours after I had upgraded to MT 3.11 and installed MT-Blacklist, 129 (one hundred and twenty nine) comment spams were automatically blocked without any intrusion on my life or yours.

In a common installation (as mine is), MT is very slow about rebuilding pages whose content has changed. Deleting several comments by hand usually takes about 30 seconds. Doing any more than that at a time causes the web browser to give up on waiting, cancelling the action. At 4 comments per 30 seconds, deleting 129 comments would take over 16 minutes to do by hand, during which I would have to click four checkboxes, scroll down, click a button, wait 20-30 seconds, and repeat the process 32 times. For that plus the time it would take for me to notice that my site was vandalized, unsolicited offensive garbage—usually random words with product names and links to the advertiser's website scattered about—would be sitting on my personal website. With MT-Blacklist, none of that had to happen.

So far, it appears that suspected-but-not-obvious spam is supposed to be held for "moderation," but in my case is being posted first. It appears to get deleted from the database, but the pages (including the sidebar "chatter" summary) do not get rebuilt. I can rebuild manually—though it takes a bit of effort to hunt down the original post to rebuild it, because the comment is no longer in the database. But despite this apparent flaw, given its two-day performance, it is clear that MT-Blacklist is damned essential.

Unlike e-mail, a comment-enabled weblog is a public invitation for anyone who might be interested to come to your home, partake in your lifestyle, eat your food, and have a nice conversation. A comment posted to your blog is visible to the world as associated with your words, your ideas. The exchange of personal vulnerability for communal connectedness is worthy of respectful, conscientious, generous behavior by others, and the exploitation of this vulnerability makes blog comment spammers worse than run-of-the-mill e-mail spammers, socially speaking.

MT-Blacklist is a simple but effective solution that brings the cost of defending a personal website from attack back down to near zero, and that means more people who want to have a blog can. No wonder that MT-Blacklist is so beloved—sometimes, it seems, even more than Movable Type itself.