Fighting Comment Spam on Movable Type: What To Do First

| 4 Comments | No TrackBacks |
So you just set up a Movable Type blog, posted some entries and the first (real) comments start coming in.  And then, it happens: all sorts of shady people start spamming your comments section with offers for various pharmaceutical products, or with seemingly on-topic comments which actually mostly contain links to really spammy websites full of ads.  Now what?
Settings, plugins...

The first natural impulse is to start fiddling with the comment settings for your blog: restricting who can comment, requiring an account, turning on CAPTCHA's, banning certain words or expressions...  This will stop a large number of spam attacks, but it will also stop an equally big number of real comments because people will just not bother to jump through all the hoops after a while.

You might also start looking at installing various anti-spam plugins: different CAPTCHA's, special security codes, more filters...  These might all work to a certain degree, but as soon as they are widely spread spammers will devise new ways around them.  They might also discourage visitors from commenting in the same way more restrictive settings do.

As you may have noticed, on this blog the comments section does not require you to log in, and there is no CAPTCHA test or anything.  Yet there is hardly any spam in my comments (as far as you, dear reader, can see at least).

What you should have done first

Movable Type already comes with a very good spam filtering plugin, called TypePad AntiSpam.  In my experience this has always been a hugely effective filter with very few false positives or negatives.  Basically this plugin sends all incoming feedback to a webservice that then returns a spam rating, which usually is correct.  

The beauty of the system is that if some piece of feedback is classified wrongly you can send a report about it with just a simple click.  If enough reports come in, the filter is adjusted and subsequent pieces of feedback are filtered correctly.  There is also a 'trust' mechanism built-in: if someone is submitting many 'bad' reports to muddle up the effectiveness of the filter, reports from that person are ignored.  Submit lots of 'good' reports, and your credibility increases which will give your reports more weight in the future.

Every day, thousands of bloggers are sending in reports that make the system better.  All users on the entire TypePad blogging platform are using it!  With so many eyes watching them, it is very difficult for spammers to keep coming up with new and better spam to defeat the filters.

Sounds like a pretty good system, no? There is just one tiny drawback: TypePad AntiSpam is not on by default in a new Movable Type installation!

The reason for this is pretty simple: the webservice needs a way to identify you and your reports (to be able to assign you a trust rating internally), and for this to work you need to input a (free) key in the settings of the plugin.

Usually, getting this key and putting it in my plugin settings is one of the first things I do when setting up a new Movable Type installation.

How to do it

Go to System Overview > Tools > Plugins in your Movable Type menu structure, and click on the TypePad AntiSpam plugin, then click on the 'settings' link.  You will see this:

Now go to and click on the link to sign in if you have a TypePad account (or register for one for free).  Finally, click the 'Get API Key' link that appears.

A popup will appear with your key in it.  Copy-paste this value into the plugin settings and hit 'Save Changes'.

That's it!  (Almost) no more spam!

Reporting false positives/negatives

It is inevitable that sometimes spam will get through, or non-spam will end up marked as spam.  In that case, simply select the wrongly classified piece of feedback from your comments or trackbacks screen, and hit the 'spam' or 'publish' button.  A report will automatically be sent to the TypePad AntiSpam webservice, making it a little bit better.

No TrackBacks

TrackBack URL:


This is a very good first step. I have about a days worth of experience with movable type, 3 years with joomla, drupal and other CMS. Thank you for the valuable information on reducing spam. Do you have anything on modifying how the site treats linking. E.G nofollow, etc.

I am not use to the file schema, it would be good to know which templates control what.

This is a very helpful tip. Unfortunately, it doesn't match what I see in my installation of Movable Type. When I look at my plugins, I do see the line for TypePad AntiSpam 1.0. And to its right is an "Enabled" caption, as in your screen shot. But, unlike in your screen shot, there isn't a button to its right. Also, when I click AntiSpam's Settings link, I see only a field for Junk Score Weight: no APIKey field. I don't get one via the Resources or Info links either.

I also see, below the "Individual Plugins", these:
Plugin Set: spamlookup
SpamLookup - Lookups 2.13
SpamLookup - Link 2.11
SpamLookup - Keyword Filter 2.1
What's the relationship between them and AntiSpam? For example, which one gets called first?

This is in Movable Type 5.01, according to the version number at the bottom left of my screen. It may be a different version to yours, but since the version number of your AntiSpam plugin is the same as mine, shouldn't they behave in the same way?

I have tried marking the spam comments that I receive as spam anyway. But it doesn't seem to have triggered anything in AntiSpam. The final sentence in AntiSpam's Info link says: "So far, TypePad AntiSpam has blocked 0 messages for this blog, and 0 messages system-wide."

Jocelyn Ireson-Paine

I loved as much as you'll receive carried out right here. The sketch is tasteful, your authored material stylish. nonetheless, you command get bought an impatience over that you wish be delivering the following. unwell unquestionably come more formerly again since exactly the same nearly a lot often inside case you shield this hike.

hi, interesting info... good job...
here our webpage

Leave a comment