LED Digest 2320: Uncomfortable Linking Requests

==================================================
The LED Digest Moderated Discussion List
"Effective Online Advertising, Since 1997"
Data > Information > Knowledge > Wisdom

pair Networks: The LED's Web Host
Hosting and Domain Registration from a Trusted Leader
pair.com for Hosting | pairNIC.com for Domains
==================================================

List Moderator:          Published by:
Adam Audette             LED Digest
adam, led-digest.com     http://www.led-digest.com

..............................................
January 8, 2007                 Issue no. 2320
..............................................

.....IN THIS DIGEST.....

====== NEW =====================

--== Linking Requests ==--
~ Mark Bishop
"I have recently received a request from a colleague and it made me very uncomfortable..."

==== CONTINUING =================

--== Even More Form Spam ==--
~ Veronica Yuill
"Using referrer checking as a security measure is pretty ineffective..."
~ Marty R. Milette
"Some techniques to kill form spam I use myself include the following..."

--== An SEO Guide - is it Possible? ==--
~ Shaun Johnston
"...what's needed is so specific to each market I despair of such wisdom being made available."
~ Dirk Johnson
"I just hope that open dialogue can be incorporated into any SEO guide."

========== NEW ===================================

From: Mark Bishop
Subject: Linking website requests

I have recently received a request from a colleague and it made me very uncomfortable. It was an email that was probably sent to a limited number of individuals, so not spam, he's just trying to engage with his friends and colleagues. I also believe that he is coming from a place of trying to do good work. However, it made me think he is working with some less than ethical SEO companies. Part of the email goes like this:

------------------
"I am reading more & more on the effectiveness of linking websites in order to drive more traffic to your own site.
I am hoping that there would be interest in establishing a mutually beneficial link on both of our sites. You are not endorsing any type of partnership with or even any product or service of XXXXXX XXXXXXXX. This is a link that XXX, my graphic artist, could put on both of our websites and it would be hidden to the naked eye but would help us both out."
------------------

I just would like others' response to this email. How would you suggest that I respond to this individual? I would like to help educate him without being pedantic.

Thanks.

Mark Bishop

======== CONTINUING ===============================

From: Veronica Yuill
Subject: Form spam

> ... the script will only allow form inputs that come
> from the referrer of the form page, which means
> all 27,000+ spams were manually entered, or a
> script integrated with a browser filled them in
> and sent them on.

- John Smart, LED Digest 2318
- http://www.led-digest.com/content/view/1687/55/

Not at all, John, the referrer is merely a text string and is very easy to forge. The spammers probably just included the necessary referrer string in their script.

Using referrer checking as a security measure is pretty ineffective except in a very controlled environment (e.g. an intranet). I don't bother with it generally; instead I use header injection checking and also checking for inappropriate content in the message, e.g. if a normal form user would have no need to include a URL in their message, I'll throw out any messages with URLs in the message body.

You are right, any script that sends mail to a user-supplied email address is very dangerous and needs extra spam protection.

Regards

Veronica Yuill
http://www.archetype-it.com/english/index.htm

-------- new post - same topic --------

From: Marty R. Milette
Subject: Form spam

Form spamming is easy. Takes 1 line of code to fake a "Referrer". Any programmer could use Visual Basic or Excel to create a form spamming application in a few minutes.
Keep in mind that spammers are lazy. They look for simple forms with no validation, ones that reply immediately to the address entered on the form, and that echo back text fields collected from the form.

In Russia, they play mean. Last year I had a case where a company was deliberately sending spam using their competitor's own server to try and get it blacklisted and annoy their mutual customers. Once your mail server is blacklisted, better look for another place to host it because it will be almost impossible to get de-listed.

Some techniques to kill form spam I use myself include the following. Keep in mind that I speak of forms that are submitted to a form-processing script on the server that you control -- not the automated posting bot as in the FrontPage Server Extensions which sends emails without analysis:

1. Apply thorough server-side form validation.

Forget about client-side JavaScript form validation -- spammers post data directly to the server.

From the server-side -- validate email addresses - ensuring only one address is provided (injecting a list of addresses separated by commas is a common trick), that the email address is properly formatted and has not been used to submit the form previously.

Validate the poster's IP address (not the "Referrer" property) - ensuring it has not been used before, or applying restrictions to how many times per day / week that submissions are accepted from that IP address.

Validate all remaining text fields to ensure appropriate field lengths have not been exceeded. You may even scan text fields for common spam-related keywords if you wish.

2. Make the form's reply email useless for the spammer.

NEVER directly echo back any text fields that were sent in the original form submission. Instead, submit the form to a server-side script that examines the post and then prepares different replies for the web owner and submitter.
Send only a 'stripped-down' confirmation reply, such as, "Thank you for your inquiry about xyz, we will review your questions and get back to you right away..." rather than including any text that the web form collected. If there is no way to add the spam to the confirmation message, your form is useless to them.

3. Make it difficult for the spammer to automate the process.

Spammers are lazy. Make it difficult for the spammer to automate the process, but NOT more difficult for legitimate customers.

Rather than resorting to CAPTCHAs (which I hate with a passion), just split the form over two forms -- where the user enters basic information on the first page, submits that form, and then fills out the second and perhaps more detailed page.

It only adds one click to the process for the user, but makes it almost impossible for the spammer. (Especially if the second form server-side-validates the data from the first form and uses inter-form session or authentication keys.)

An additional advantage of this technique is that you can have the second form generated based on the responses from the first form -- so if the visitor states on the first form that they are interested in widgets and not wigwags, the second form can ask detailed questions about their widget interests.

Marty R. Milette
http://hotel-club.net

-------- new post - new topic --------

From: Shaun Johnston
Subject: SEO guide

I used to desire a comprehensive SEO guide. Now I think what's needed is so specific to each market I despair of such wisdom being made available. Each time I come across such intelligence I'm struck by how little of it seems to apply to me.

I have two other more pressing needs. One is, for each tool, what value it delivers and in what circumstances it's worth applying. What's the logic of each tool? Coverage would be biased in favor of pointing out all the situations when it's not necessary.

Second, systems for keeping track of data.
I use a combination of paper printout by client and data in databases. I use WebCeo which usefully stores and makes readily available old traffic data and periodic cross sections of ranking etc. And I store log files and my analyses of them.

But how to keep track of applying to dmoz for this site and that, to check to see if each one's yet been registered, and if not if it's time to submit again? For that, maybe a single sheet of paper would be best. But where to keep that sheet? And how often to look at it? Dire warnings are offered against re-applying too soon, for fear of being sent back to the end of the queue just as one is about to be considered for inclusion. This is a classic behaviorist's routine for generating anxiety.

The forms and tools of data acquisition and storage should obviously be determined by what questions one needs to answer. For me that varies by client, since they vary in what they are prepared to understand. So I muddle through. Because I can't organize it professionally I charge very little for SEO because I think there's little I can accomplish. Doing a lot would involve such a blizzard of data that all my systems would seize up. So I give it away, often, as a value-added to my basic service of webmastering.

I'm interested in SEO most seriously for marketing my own travel guides, where I proceed by instinct whenever prompted by anxiety about things. Mainly, are things going OK? If so, forget it.

Real professional SEO work is to me the most unpleasant job I can conceive of, worse than actuarial research in an insurance company. Are we, in fact, working with a set of tools bound to induce a sense of failure? Can one conceive of a better set, that even creatives could enjoy using?

Shaun Johnston

-------- new post - same topic --------

From: Dirk Johnson
Subject: SEO guide

Hi Adam,

A couple of points about the SEO Guide that is being proposed...
We actually wrote one, for use in our own business, called "Search Engine Optimization Basics For Real Estate-Related Websites"

http://www.domaindrivers.com/seobasics-realestate-main.htm

We tried to edit out the arcane points and the SEO lingo, while providing enough material for someone to proceed. It's a multi-page document that was specifically written for real estate professionals, using real estate examples.

In speaking with a lot of real estate professionals who have an interest in this subject, we've found that even our own book may be a bit too detailed. The average site owner wants basics, basics, basics, in a form that is manageable. I would suggest a core of basics, with details linking from that.

Someone mentioned that a "consensus" should drive the content of any collaborative effort. I would strongly disagree, especially with respect to reciprocal linking. Large numbers of SEO "experts" are quite confused about the practice of reciprocation, due to their own self-admitted lack of current experience with it. Their "consensus advice" on the subject would be just more of the same unfounded speculation that is rampant elsewhere.

The SEOmoz guide you mentioned is already infected with it, as follows: http://www.seomoz.org/articles/bg7.php. Quoting from it:

--------------------
"Link Exchanges & Free-for-All Links - While the promise of easy link building through link exchanges or link farms is tempting, these tactics often achieve subpar results. Natural, organic inbound links from sites that your competitors can't get links from are the best way to rank well in the long term."
--------------------

First, link exchange is not easy, and second, it still produces excellent, stable results at a very affordable rate. At least it does here.

What's more, getting links "from sites that your competitors can't get" is extraordinarily difficult, especially for novices at SEO work. If one site can get a link, so can a competitor, usually.
Where are these links that competitors can't get? That aspect is rarely explained. And, once you get them, why can't a competitor also get them? Links are public info.

Curiously, on the preceding page of the same SEOmoz guide (http://www.seomoz.org/articles/bg6.php#6c), they advise doing an analysis of competitors' links, and then pursuing those links. If so, then those links would specifically not be "from sites that your competitors can't get", since competitors *already* have them!

But, if that's the approach taken, then we will often find that sites that already rank well are quite often using reciprocation for the bulk of their link popularity. Yet this SEOmoz guide then takes the reciprocation option off the table on the next page.

Is that confusing? They tell us to do what our well-ranking competitors have done, but on the next page, they tell us to not do what our competitors did, if it was via reciprocation! Why not? If it works for my competitors, then why won't it work for me? The discrepancies in logic are considerable.

In situations where a competitor already has hundreds of reciprocated links, I am curious as to how someone matches that link foundation without reciprocating, and at what cost, and over what time frame. This is a very common, real world situation that is never addressed by the anti-reciprocation crowd, yet I see it manifest all the time with our prospective clients.

There are some big name SEO experts who claim to have magic formula ranking recipes that simply rely on a "few good links". But they won't ever tell you exactly where to get them, or the cost. That's not SEO advice, it's just a marketing pitch for their own secretive services, and that kind of obfuscation would have no place in a LED-sponsored guidebook.

The anti-reciprocation crowd is a tiring bunch of people who have never proven their case, while evidence that refutes their claims is pervasive.
In the end, following their advice usually provides a huge advantage to the site owners that do reciprocate properly and responsibly. It is one of the most curious situations in the world of SEO advice.

LED Digest is one of the few places where those of us who actually do proper reciprocal linking work (and thus, understand it, from experience) can put our views forward in a thoughtful manner, without being ridiculed, abused and insulted by the anti-reciprocation pundits. I just hope that open dialogue can be incorporated into any SEO guide.

Best regards,

Dirk Johnson, Partner - Operations
DomainDrivers LLC
www.domaindrivers.com

-------------------------------------------------------
The LED Digest is sponsored by pair Networks:
pair.com for Hosting | pairNIC.com for Domains

Copyright 1995-2007 Orange Wheel, LLC. All Rights Reserved.
-----------------------------------------------------------------

Happy birthday to my love :-) xoxo
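
Added example, not part of the digest and not any poster's code: a Python sketch of the server-side checks described in the form spam thread above (header injection, exactly one well-formed address, URLs in the message body, field lengths, per-IP limits, and a confirmation that echoes nothing back). The field names, the limits and the FormGuard class are assumptions made for illustration.

```python
import re
import time

# Assumed field names and limits for this sketch; the digest gives no numbers.
MAX_LEN = {"name": 80, "email": 254, "subject": 120, "message": 2000}
MAX_PER_IP_PER_DAY = 3
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
URL_RE = re.compile(r"(https?://|www\.)", re.IGNORECASE)
CONFIRMATION = "Thank you for your inquiry, we will get back to you shortly."


class FormGuard:
    """Keeps state in memory; a real deployment would persist it."""

    def __init__(self):
        self.seen_emails = set()
        self.hits_by_ip = {}  # ip -> timestamps of accepted submissions

    def check(self, fields, client_ip, now=None):
        """Return (accepted, reason). client_ip is the socket address, not a header."""
        now = time.time() if now is None else now
        for key, limit in MAX_LEN.items():
            value = fields.get(key, "")
            if not value or len(value) > limit:
                return False, f"bad length: {key}"
            # CR/LF in a value placed in a mail header would add headers (Bcc etc.).
            if key != "message" and ("\r" in value or "\n" in value):
                return False, f"header injection: {key}"
        email = fields["email"]
        # fullmatch rejects comma- or space-separated address lists.
        if not EMAIL_RE.fullmatch(email):
            return False, "email must be exactly one well-formed address"
        if URL_RE.search(fields["message"]):
            return False, "url in message"
        recent = [t for t in self.hits_by_ip.get(client_ip, []) if now - t < 86400]
        if len(recent) >= MAX_PER_IP_PER_DAY:
            return False, "rate limit"
        if email.lower() in self.seen_emails:
            return False, "email already used"
        self.hits_by_ip[client_ip] = recent + [now]
        self.seen_emails.add(email.lower())
        return True, "ok"

    def handle(self, fields, client_ip, now=None):
        """Reply for the submitter: fixed wording, no form text is echoed."""
        accepted, _ = self.check(fields, client_ip, now)
        return CONFIRMATION if accepted else "Your message could not be accepted."
```

The rejection reason is returned for logging on the server side only; the submitter sees one of two fixed strings.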




