The new Twitter links, however, are a whole new story. If an Amazon Associates member takes the time to re-write the text into their own words, there's virtually no way to know by looking at the post that the Twitter update is actually an ad.

Is Amazon Spamming Twitter?

In the past, several legitimate companies have diluted the Twitter stream with promotions and contests encouraging Twitter users to "tweet to win" so to speak, by pasting in some sort of marketing message into the "What are you doing?" box or by appending a promotional hashtag to their everyday messages. But unlike these company-run Twitter promotions, there's not a hashtag to use or any specific wording that has to be tweeted in order to participate in the Amazon Affiliate program. All anyone has to do is tweet links along with the message of their choosing.

Because Amazon's marketplace is extensive in terms of the products it sells, there's a wide variety of things which can be promoted. No matter what a Twitterer's particular interest is: music, politics, technology, etc., there's bound to be hundreds of things that could be mentioned in their Twitter stream without the posts appearing to be an ad. In fact, there's a good possibility that they would have been talking about these products anyway throughout the course of the day...they just couldn't have made any money off of them until now.

Hidden Advertisements

The problem with this sort of "hidden" advertising, though, is exactly that: it's hidden. This is the internet's version of "product placement" - subtle advertising in plain sight yet never clearly identified as such. Was your favorite TV star using a Macbook? Was he drinking a Coke? Already commonplace in Hollywood, these almost subliminal advertising messages permeate our consciousness every time we turn on the TV. Now that same sort of hidden ad will soon show up in the Twitter streams of your favorite tweeters.

Soon they'll start promoting a great book they just read, a DVD they liked, or one of a million other things pulled out of Amazon's vast inventory. None of it will sound out of place given the types of informal conversations that take place on Twitter every day. You won't even know that they're advertising to you until you click through on the link and find yourself on an Amazon.com webpage - and even then, you may not be sure. Was that a referral or were they genuinely just linking to the Amazon website to be helpful?

Will the FTC Step In?

Another question this raises, at least here in the U.S., is whether or not the FTC will get involved. Having recently taken steps to make sure that bloggers were properly disclosing freebies or payments received by companies whose products were being reviewed on their sites, one has to wonder if they'll now be tempted to monitor the undisclosed advertising that's about to explode on Twitter.

Amazon could have avoided the potential threat of government involvement (not to mention the accusations that they're "spamming Twitter") by generating their links using their own proprietary URL-shortening system, something like amzn.com or amz.com for example. That would clearly identify the tweets' purpose. But instead, they opted to make their links with the URL shortener bit.ly, the one that Twitter itself uses by default. This makes the Amazon links indistinguishable at a glance from any other shortened link posted to Twitter. There's no way to tell if a tweet is an ad unless the Twitter user left Amazon's auto-generated text in place. Of course, no one is going to use that text except the laziest of Twitter spammers - people you're probably already avoiding.

Tell Amazon What You Think with #AMZNSOT

Today, many Twitter users are coming out against this new type of Twitter-fueled advertising, registering their complaints via tweets marked with the #AMZNSOT hashtag, the official tag used to give Amazon feedback about the system. These users are already branding this new effort "spam," saying things like: "Amazon now gives you cash for spamming on Twitter? Oh, swell," as Twitter user TwitBin says. "Does this just mean more Twitter spam as people try to make money?" asks NickHerbert. But there are just as many Twitter users saying nice things about the new system too, calling it "cool," "awesome," "sweet," and even claiming it "rocks."

You can give Amazon your two cents as well by updating Twitter with your thoughts and including the #AMZNSOT hashtag along with your message.

Whether you think the new Amazon Twitter integration is good or bad, there's no doubt that it will be a major game changer for Twitter. As it blurs the lines between conversation and ads, people seem to think that Amazon has either created something of genius or has ruined Twitter as we know it. Few seem to be undecided when it comes to their feelings about this issue. The question is now: which side will end up being in the majority?

Says Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab, "naturally, this type of advertising is more interesting and gets more hits." That's bad news for YouTube because when something works, spammers keep at it... with a vengeance. Once word gets around that video spam is more successful than traditional methods, there's no doubt that it will only increase.

How Would YouTube Handle Video Spam?

So what will YouTube do if video spam becomes a real problem on its network? We would like to think that it would take the offending content down, but that could be easier said than done. After all, this isn't like the copyrighted content that their Content Identification tool can easily identify and remove. That tool works by comparing unique signatures somewhat like a digital "fingerprint" from a content owner's copyrighted file to user uploads across the site. Then, if a match occurs, the copyright holder has the option to have the video taken down.

Identifying a spammer's video would be much harder. Just because someone is using YouTube to sell something, that doesn't necessarily mean it's video "spam." That moniker should only be reserved for videos which are truly undesirable messages where fraudulent activities are underway. The question is, how would YouTube know?

Assuming that video spam takes off, the best thing the site could do to police online content is to include a "report spam" button for videos themselves, as it now has for video comments only. 

Of course, for potential victims of video spam, the best thing is not to get duped into visiting YouTube in the first place. Spam filters will simply have to adapt to this new technique. Unfortunately, that will be yet another challenge for Google, which, in addition to owning YouTube, also offers a feature in its webmail product Gmail that automatically embeds any YouTube videos referenced in the email directly in the message itself. That makes it even more convenient for video spammers, who wouldn't have to convince their victims to leave their inbox and launch a new browser window: just click a button on the video embedded below.

As long as people are willing to trust their Twitter log-in information to third parties - and don't look carefully at URLs before they log into websites - and as long as a small number of bad actors want to pee in the social media swimming pool, this kind of thing will continue happening.

Apparently there's no substitute for ruthlessly and constantly policing your own feed, thoroughly investigating services before you sign up for them, double-checking the URL every time you are about to enter info into a form, and regularly purging your OAuth settings of services you no longer use.

Also, to be safe, change your password regularly... you don't have to be obsessive about it: every three hours or so should be enough. And because erring on the side of caution is always a good idea, fake your own suicide and change your identity at least once a year.

And you thought Twitter was going to be fun? Slacker.

More Noise to Signal.

Mollom, the spam-filtering startup that eliminates comment and post spam on popular content management systems, just reached two important milestones: it processed 100,000,000 messages and is now actively protecting over 10,000 websites.

Even more impressive is that these statistics are for Mollom's public servers only and don't include message processing on private servers operated for large-volume clients, such as Netlog, an online social portal for European youth.

Mollom set up dedicated servers in Netlog's data center to provide automated around-the-clock monitoring and custom-trained content classifiers. Mollom's servers analyze more than 50 messages per second for Netlog, adding up to an additional 4 million messages per day that are not counted in the latest milestone.

Large sites such as Netlog are turning increasingly to Mollom for its ability to filter spam in near real-time. Another site, popular citizen journalism hub NowPublic, had been receiving almost 25,000 spam posts per day before implementing Mollom's service. After NowPublic installed Mollom, the number of legitimate comments by users jumped 180%, while spam comments fell to nearly zero.

Taking into account the traffic from the 10,000 websites that Mollom protects, Mollom currently processes up to 150 million messages a month, making it one of the largest website spam filtering services available today.

But Mollom is not content to rest on its past achievements. The company is currently changing the architecture of its back-end, which will make the software learn faster and make its actions easier to debug, analyze, and oversee.

Mollom offers its services in tiers, with products targeted at small blogs, mid-sized sites, and large enterprise-level Web properties. Mollom Free, designed for small blogs and sites with small posting volumes, is provided free of charge to the Web community, while Mollom Plus and Mollom Premium are commercial services designed for sites with higher volumes and reliability requirements. More information about its service plans is available on Mollom's website.

Interestingly, Google also notes that image spam, which is generally filtered out quite well by modern spam detection software, has seen a major resurgence. Amanda Kleha, a member of Google's message security and archiving team, theorizes that this might be due to new spammers getting into the market after the shutdown of McColo and 3FN, and these new players are starting out with well established methods, even if they are not very effective. Kleha also notes that spammers might just be testing how well the current generation of spam filters handles these messages in order to perform statistical analysis based on which subject lines and content make it into users' inboxes.

Google also notes that one of the largest spam attacks in the last quarter was based on an old school "newsletter" template (with malevolent links and images thrown in there for good measure). This attack unleashed about 50% an average day's spam volume in only 2 hours. So while it might not have been highly sophisticated, there was surely a massive network behind it that was able to send out this huge amount of spam in such a short time.

The Web is changing. In today's world, user participation can make or break a site. Allowing users to react, participate, and contribute while keeping your site under control can be a huge challenge. If poor-quality content or spam hits your website, it can undermine your site's search engine listing, damage your brand and reputation, and degrade your visitors' experience. Good user-contributed content, meanwhile, can add a lot of value to your site, which translates into more activity, improved stickiness, and more and better monetization opportunities. As the Web continues to become more social, more websites will need a strategy to deal with spam and unwanted content.

The addition of these social features has brought the problem of spam. Two major challenges arise from trying to control website spam. First, visitors may lose their motivation to comment or contribute content because they are required so often to prove that they are human and not spam by registering. This erodes participation.

Secondly, whether visitors are asked to register or not, site moderation becomes more time-consuming and expensive. Website moderators have to scan comments and other content to find spam instead of interact with the community. And publishing companies have to pay for more site moderators to deal with all the spam on their sites.

NowPublic is a Vancouver-based news network that mobilizes an army of reporters to cover events around the world. During Hurricane Katrina, NowPublic had more reporters in affected areas than most news organizations have on their entire staff. NowPublic was up against as many as 25,000 spam attempts a day, so it needed a solution that would allow the site to grow faster and more effectively without being slowed by comment spam.

A year ago, NowPublic implemented Mollom, a Web service that protects blogs, social networks, and communities against spam and other unwanted content. Within 12 months, the company had become one of the fastest-growing news organizations in the world, with thousands of reporters in more than 140 countries. In addition to this growth in reporters, NowPublic saw an 180% increase in the average number of comments posted per month by users since implementing Mollom's spam-filtering service.

"Integrating Mollom in NowPublic's systems was quick and easy," says Michael Meyers, co-founder and CTO of NowPublic. "It took only a few hours, and the API service has been fast and 100% reliable. By the end of the first month, we saved more in-person hours alone than Mollom cost us for the year."

Mollom has prevented more than one million spam attempts since it started protecting NowPublic. But NowPublic uses Mollom for more than just comment spam. It uses it to identify bogus profiles, vet new account sign-ups, and protect forums.

Mollom, in effect, removed a major barrier to visitor participation for NowPublic, allowing readers to comment anonymously. "Mollom has been a critical ingredient in our success," adds Michael Tippett, co-founder and CMO. "It has allowed us to open our comments to anonymous users while limiting the ability of spammers to vandalize our site. This has helped us grow our page views and truly tap into the wisdom of crowds."

Mollom also allows NowPublic's website maintainers and editors to focus on providing content instead of removing spam. "Since NowPublic began using Mollom," says Jordan Yerman, NowPublic's Contributor Support Manager, "I've saved at least an hour per day dealing with spam in stories, profiles, comments, etc. Thanks to Mollom, I can be more pro-active than reactive. I have more time to engage and interact with our users."

Other major publishers using Mollom to protect their websites from spam are Sony Music, Warner Bros Records, Netlog, The Economist, Fox Interactive, and the New York Observer.

Visit mollom.com to download Mollom's spam filtering service for your website.

Looking Forward: More Viruses

For 2009, Google assumes that this upward trend will continue and possibly accelerate again, as malware and link-based attacks become more effective. During the second half of 2008, Google noticed that virus volume in email increases six-fold from the first half of the year. While the overall volume of these messages is still small, Google assumes that spammers will increasingly rely on these viruses to rebuild the infrastructure that became unavailable after the McColo shutdown.

Symantec's MessageLabs has been seeing a similar rise (PDF) in spam during the last two months of 2008, and also attributes this to the the rise of new and better botnets.

As the team points out in a recent blog post, traditional audio CAPTCHAs based on distorted digits or letters are relatively vulnerable to automated attacks and can be broken by using machine learning algorithms. Indeed, Wintercore Labs, an IT security firm, showed how easy it would be to break Google's audio CAPTCHA solution earlier this year.

Transcribing Old Radio Shows

By using old audio clips, however, ReCAPTCHA is circumventing these security problems (you can here an example of these clips here by clicking on the speaker button).

One problem with this type of CAPTCHA, however, is that a lot of these clips are quite hard to solve - especially because a lot of them are from radio plays and feature different voices within a single clip, as well as the occasional audio effect. Most of the clips are about ten words long.

The reCAPTCHA team acknowledges this problem by allowing a certain amount of misspellings and other mistakes, but even with some practice, we still didn't get far beyond solving every third CAPTCHA correctly (but then, a lot of visually impaired users might be more sensitive to picking up these audio clues). If you did better, let us know in the comments.

PayPerPost

PayPerPost pays its bloggers to write posts about their advertisers and link to them. Basically, it is an elaborate search engine optimization scheme. Bloggers are supposed to disclose their affiliation with PayPerPost, but the ethics of this scheme are debatable and some bloggers fail to disclose their affiliation.

Every memetracker (and every popular site for that matter) will, of course, attract spammers. It's surprising, however, to see that Google, a company that is generally known for its good spam filtering, let these two sites slip through. While the memetracker in Blogsearch is relatively new, the Google blog search index has been around for a long time and tends to be very clean.

However, because Google Blogsearch ranks posts according to the number of links they received, it is prone to list spammy posts from networks like PayPerPost.

A lot of memetrackers had to deal with these problems before, and we are confident that this will be an isolated incident, but Google clearly needs to improve its algorithms to shut this kind of spam out of its system or institute filters that shut out PayPerPost blogs by default.

reCAPTCHA combines traditional OCR with an approach similar to Amazon's Mechanical Turk. Every text is analyzed by two different OCR programs and whenever those two program disagree on a word, it is marked as 'suspicious.' Those suspicious words are then fed into reCAPTCHA, which creates a CAPTCHA with both the suspicious word and a known control word. Once a certain number of users have solved the suspicious word with the same result, it becomes a control word itself.

Overall, reCAPTCHA achieves an accuracy of 99.1%, which is on par with the accuracy achieved by having two humans type the text and then verify the results.

While it is mostly a proof of concept right now, reCAPTCHA's developers calculate that the system can be used to transcribe the equivalent of 160 books a day.

The most fascinating aspect of this idea is that it turns mental energy, which would otherwise be wasted, into something useful. Other projects like fold.it, which turns protein folding into a game, or Google's Image Labeler take a similar approach, but the user has to actively decide to play a game. reCAPTCHA, on the other hand, turns a chore into a useful project.

Once you have registered your sub-domain, you don't have to register the actual email addresses you want to use. Instead, any email sent to your sub-domain, no matter the part before the '@,' will arrive in your inbox. By default, OtherInbox filters incoming email by sender, but it also makes sense to sign up for new services with addresses like "123onlinestore@xxx.otherinbox.com" so that you can keep track on who is potentially selling your email address to spammers.

By default, OtherInbox will email the first message that comes in from a new address to your standard email account. Every forwarded message is prefaced by a number of links that allow you to turn of forwarding messages from this address or to block further messages from this sender. You can also have Otherinbox send you a daily digest of new messages. IMAP support is forthcoming.

Controlling Spam

There are a large number of potential uses for OtherInbox, but the most straightforward is to use it for signing up for new services online. If a company starts sending you spam, you can just block every email from this service or to this email address with just one click.

The OtherInbox interface is similar to that of pretty much every other online email service (and actually quite reminiscent of Apple's MobileMe), but the main difference is that OtherInbox automatically filters your mail by sender and creates a folder for every sender (see screenshot).

What About Gmail?

If you are already using Gmail, you could, of course, make use of the "+" feature, which allows you to create email address like "john123+facebook@gmail.com," but Gmail does not filter those out automatically like OtherInbox would, which means you would still have to create a filter for every one of those addresses. Over time, that simply takes too much time and work.

Verdict

Overall, OtherInbox is the slickest disposable address service we have seen so far. While other services like GuerillaMail, MintEmail, or e4ward offer similar services, none of them feature the simple user interface and complete set of features that OtherInbox does.

Invites

We quickly ran out of our first batch of invites, Otherinbox gave us a few more to hand out to our readers. Just click here to claim yours.

In case you're unfamiliar, Amazon's Mechanical Turk is a crowdsourced marketplace for tasks. A person needing work done can set up a HIT (human intelligence task) - the small job they need done. Others come along to perform the HITs, earning micro payments along the way. In this way, businesses, developers, and other individuals have access to an affordable, scalable workforce

Unfortunately, it appears that the convenience of the Turk marketplace has some appeal to social media spammers, who are now using the site to earn Diggs, bookmarks, and other social recommendations they do not deserve. Here's an example:

Anyone who uses Amazon's Mechanical Turk has no doubt come across similar HITs posted by spammers. For example, this guy is requesting someone create 29 social bookmark accounts from 29 sites:

A search for "bookmark" on MT today displays 48 results (at the time of writing) where spammers are requesting social bookmarking of their web site. Search for "digg" and you'll find people paying for Diggs.

Of course, whenever there is a system in place (like social media) that can help drive traffic to a web site, there will be those people who use it to generate traffic for their spam sites. But why are they able to use Amazon Mechanical Turk to do so? Shouldn't Amazon police the Turk to shut down these spam accounts?

Mechanical Turk Still Has Promise, Despite Spammers

However, this doesn't mean that Mechanical Turk doesn't hold any value - it's still an innovative and useful tool for many. In fact, members of the HCI community (Human Computer Interaction) have begun to use Turk for user research studies with great success. This work has inspired others like open source advocate, Chris Messina, to do the same. He plans to use Turk for usability studies on OpenID and OAuth. Since the HITs are spread out among many, the cost of performing these studies is greatly reduced. Being able to crowdsource research is a great way that MT can be used today, and one that will have a big impact on the future, too.

Thanks to Brynn Evans, a graduate student in the Department of Cognitive Science at University of California, San Diego for discovering this and thanks to open source advocate Chris Messina for sending it along to us.

While that number seems pretty questionable, PCMag's Appscout points to a related survey from Forrester in 2004 that found 20% of people say they have bought from spammers. In other words, if you believe these studies - it's getting worse, not better.

Marshal (no relation) says that global spam volumes are around 150 billion messages each day and have doubled for the year ending June 2008. We wrote in December about another study, also from a vendor in the anti-spam market, that concluded that 90 to 95% of all email is now spam.

"A common misconception is that 'regular' people don't buy from spam. But, you have to consider the types of products people are buying," Marshal's Bradley Anstis wrote in the company's release today. "It's pirated software, knock-off watches, counterfeit designer goods, cheap drugs and prescription medicines, pornography and other adult material. The Internet provides convenience and a degree of anonymity to people who want to buy illegal or restricted goods. It is a black market and spam has become a conventional means of advertising to a willing audience of millions of people who are purchasing from spam."

The announcement of the study concludes with these funny lines, from Anstis again: "The other way to look at this situation is from a spammer's perspective. There are approximately 250 million people out there who are interested in these kinds of products and have made purchases from spam in the past. That's equivalent to double the population of Japan mixed in with every other Internet user. As a spammer - how do you reach that market without knowing specifically who these people are and with the bare minimum of expense? Easy, send lots of emails to everyone."

Has The Market Spoken?

If you buy Marshal's numbers, and they have a vested interest in painting a large threat, perhaps the market has spoken. It sounds like people want spam, after all. What other e-commerce channel would 30% of respondents admit having bought something from? Doesn't sound like something that needs to be illegal.

Of course these numbers should be taken with a giant grain of salt. The study was of just over 600 respondents who visited the Marshal website. The question they were asked appears to have been framed in a pretty presumptuous way. "What purchases have you made from spam?"

This author has never bought anything from spam. I swear.

The percentage of people who have clicked on a topical looking ad on a spam blog that showed up in search is probably even higher. The satisfaction with that spam is probably much higher than satisfaction with email spam.

Those of us who want to use online communication channels for serious purposes, and I don't mean serious like S&M fantasies, may be forever forced to wade through a sea of people who are less discerning and the spammers who email us all in order to find them.

According to MessageLabs, Google Sites spam only accounts for 1% of all spam at the moment, but they expect this technique to become as popular as similar techniques being used to distribute spam using other free Google online services, including Google Docs, Google Pages, and Google Calendar.

The benefit to using Sites for spamming is that it's harder to block the resulting URLs generated by the service. Unlike Google Pages, whose URLs are in the format of accountname.googlepages.com, a Sites URL begins http://sites.google.com/site/. The format of these URLs, which contain "google.com," are more difficult for traditional signature-based anti-spam tools to block. At the tail end of the URL, the spammers' sites will contain site names that are composed of random letters and numbers.

Sites is certainly not the only Google product that has been adopted by spammers. For example, I noticed an increase in Google Groups-related spam messages arriving in my Gmail inbox recently. Google Sites looks to be more of the same. Spammers are certainly clever, so it's up to the makers of anti-spam technology to combat this latest threat of "Google Spam." Clearly, just because something is hosted at google.com, it should not automatically be considered safe or trustworthy.

The bigger question here is how the rise of Google spam is being addressed by Google themselves? Surely, they are concerned about their name becoming associated with sites hosting malware and spam?

Google would not confirm how they were addressing this specific problem or how they address spam in general, saying that they needed to be careful not to provided spammers with any clues as to what they do. However, they did say that they expect spammers to use every means possible to try to send spam and that they have a very robust spam-fighting effort at Google. They also claim that they disable these accounts immediately and will continue to do so.

Did you notice a big drop in your Twitter follower numbers yesterday? It seems that the Twitter team recently decided to step up their Twitter spammer detection, and, in typical Twitter fashion, their algorithm sent the service haywire, leading to yet another sighting of the Fail Whale while the issue was resolved. Meanwhile, Twitterers everywhere were in an uproar over their lost follower counts.

Earlier this week, ZDNet reported that many Twitter users were no longer able to add followers thanks to the new limits put in place to discourage spamming. Unfortunately, this action caused some major trouble for community managers, like Pandora's Lucia Willow, for example, who stated her case over on Get Satisfaction. In addition to Pandora, Comcast, Jet Blue, and several others were also affected. In order to add new followers, they had to delete older ones - not a good idea for those that want to stay tuned into their community.

In addition to causing problems for community managers, there were even some cases of follower limits placed on those that had a 1:1 Twitter ratio. And although Twitter has not confirmed the cause of the dropped follower counts, it's likely that the the new anti-spam bot is to blame.

As we wrote earlier this year, many companies are using Twitter for customer service, meaning that they will be following people at higher rates than regular Twitter users due to the fact that they follow back those that follow them. This is certainly a legitimate way to use the service and one that should not be punished through a blind algorithm that can't distinguish a community manager from a spammer.

While we appreciate the fact that the Twitter team is fighting the spam problem (an "ongoing battle," says Biz Stone), you would think that they would have considered this potential ramification to implementing their new pattern-detecting technology. It's almost as if Twitter themselves do not even know what would constitute someone being a spammer. If that's the case, they should ask the community for guidance before rolling out a brand new anti-spam bot.

Ironically, in the midst of these issues, a post on the Twitter Blog on Wednesday was about a new Twitter app, TwitterCounter, that lets you track the number of followers you have on Twitter.

All we can say about that is...well...this may have not been the best time to release that news.

Were you affected by the follower limits? Tell us your story in the comments (or just share your thoughts on this issue!)