RFC: Implementing an effective antispam mechanism for trackback

Hi all,
I’m Ricardo Galli (gallir at uib dot es), WP-Cache author (http://mnm.uib.es/gallir/wp-cache-2/).

I would like to know your opinion for implementing a mechanism to still allow automated trackback but effectively avoiding spammers’ trackbacks

I have already a plugin prototype (which is in fact very easy).

It does a simple check that the link provided by the “pinger” has a link pointing back to the “trackbacked page”. It can also check if the page has typical blog tags, like pingbacks o rss metatags.

But.

Obviously it only works if the “trackbacking article” is already published, which is not the general case.

My question.

Is it possible to modify WP so it only sends trackback ping right after the article is published?

I think that other blog software will just follow the same convention. The benefits are very high:

1. It continues to be “hassle free” for the bloggers.

2. It is very reliable to avoid automated spam trackbacks:

a) The spammer server will not able to determine easily which is the “trackbacked link” (or article), because it will see only the IP address of the WP server.

b) It is very “expensive” for the spammer to provide a page with all possible links in order to pass the tests.

c) Even if they find a way to cheat, the traffic generated by all spammed servers will overload their connections, making spams more expensive.

3. Furthermore, it will make trackbacks more reliable but accepting trackback only if there exists a link to the page (some users just forget it, or write wrong urls).

What do you think?

PS: please forward this request to the right place (and let me know it) if you know a better place/list/forum to post this question.