Comment Spam and SEO Campaign Apology

By way of an update to yesterdays blog covering my concerns over a comment spam and SEO campaign by Sophos (of which this blog was one such target), I received an apologetic email from Sophos early this morning and we exchanged a couple of followup responses.

Here's some of this morning's email apology:

I am mortified, as is everyone in our marketing team, that this has happened.

The messages were not posted on that guy's blog by an employee of Sophos, but by a worker at an external company hired by our marketing department.

We have called the company concerned in for a meeting today, and will be reading the riot act to them. Furthermore, we will be ensuring that this kind of activity stops immediately, as it runs counter to everything we believe in as a computer security company.

There's enough junk on the internet already - we don't need firms representing computer security companies adding to the problem with such inane and unprofessional posts.

We strive to be much much better than this, and on this occasion things went badly wrong. I'm genuinely sorry.

Just so you know, we are going to put better processes in place so that third party agencies understand what Sophos does and doesn't find acceptable in promoting our brand.

Thanks for the quick response Sophos. Apology accepted.

Sophos - Stop Spamming Me and End Your SEO Campaign

Spam takes on many different forms. Sure, we're all familiar with the crap that makes it in to our inbox, but what about the other stuff - like the stuff that appears as comments in our blog entries?

Blog comment spam is on the rise, particularly when it's used less as a direct advertising tool and more for Search Engine Optimization (SEO) attacks/manipulation. In most cases I've observed, the SEO-orientated blog spam has been initiated by the bad guys - looking to escalate their infectious drive-by Web sites to the top of search engine results.

Lately though, I've noticed that a well-known security vendor - Sophos - has been employing this tactic. For example, check out the following blog comment submissions (pending moderation):


For the last few weeks there have been similarly themed comment submissions, typically initiated by the same accounts and targeting the same blog entries (based upon keywords).

This tactic is common, and there are a number of tools designed to automated this kind of spam and SEO attack.

What's interesting (and annoying at the same time) is that this repeated spam appears to be initiated by Sophos. As you'll see in the three comments above, the word "malware" is hyperlinked and in all cases points back to http://www.sophos.com/products/malware-protection/

I find this a pretty unsavory tactic, especially if it's initiated by a security company looking to be trusted by its customers.

Sophos - if you're listening - stop your comment spam campaign and end your SEO attacks. It's unprofessional.