Subscription bombing #net
For a while I have - perhaps once or twice a month - deleted a new empty comment from one of my blogs. Created with a name and subject that seem to be a short(ish) string of random letters and digits, but usually always with a @gmail.com address.
Today Klaus pointed me to this blog post: "Your sign-up form is a weapon " - which seems to describe exactly what I have seen, even down to the strings of random letters and digits.
There is this classic spam pattern where somebody uses your email-address as the sender of a bunch of junk mail, and you get a lot of bounces - called a "Joe job". This "subscription bombing" seems similar, only the perpetrator isn't sending out bogus emails, they are doing bogus sign ups instead.
Luckily my blogs don't send out registration or subscription emails. They don't send emails at all, so my machine hasn't participated in the overwhelming of people's inboxes - all that has happened is that I have been annoyed and implemented some filtering.
I didn't guess what the comments were meant to do, so I just called my filter "Dumb bots", but it seems to be this type of attempted "subscription Joe Jobbing". The behaviour matches, even down to the attempts being rare:
2026-01-29 20:24:59 Dumb bot detected - no follow up for you
2026-02-06 12:22:00 Dumb bot detected - no follow up for you
2026-02-10 18:12:44 Dumb bot detected - no follow up for you
2026-02-13 00:16:58 Dumb bot detected - no follow up for you
2026-02-21 00:40:02 Dumb bot detected - no follow up for you
2026-02-07 11:24:14 Dumb bot detected - no follow up for you
2026-02-25 10:40:38 Dumb bot detected - no follow up for you
2026-02-27 14:23:09 Dumb bot detected - no follow up for you
2026-03-10 12:08:52 Dumb bot detected - no follow up for you
Looking at that, I can see the attempts are closer together than I thought - but I have also improved my detection in steps, so I guess my memory is of the frequency of my filter not succeeding.
Add comment
How to comment, in excruciating detail…
To avoid spam many websites make you fill out a CAPTCHA, or log in via an account at a corporation such as Facebook, Google or even Microsoft GitHub.
I have chosen to use a more old school method of spam prevention.
To post a comment here, you need to:
- Configure a newsreader¹ to connect to the server
- Open the newsgroup called
¹ Such as Thunderbird, Pan, slrn, tin or Gnus (part of Emacs).koldfront.dkon port1119using nntps (nntp over TLS).lantern.koldfrontand post a follow up to the article.Or, you can fill in this form: