Skip to main content
 

I'm sorry you've run into this issue. I can't help but wonder if most of the spam is really pingback spam? Much of what you've gotten likely isn't arriving via webmention as I see the following header in your page:
<link rel="pingback" href="https://webmention.io/www.miriamsuzanne.com/xmlrpc" />

My guess along with some minor sleuthing is that the entirety of the spam you're seeing is of the pingback variety as the mechanism by which webmention works is mean to actively decrease the amount of unwanted spam. Vanishingly little Webmention spam has been seen in the wild.

Removing the pingback link from the header of that particular page (or others that might get linked to with heavily trafficked sites like CSS-Tricks which are often pirated) should solve your immediate problem. Hopefully those who are working on additional anti-spam features will add to these measures to further mitigate this sort of issue for the broader publics' use and adoption. I've personally experienced this sort of "attack" at least once in the pingback space and another using the even older refbacks specification. On my small personal site, I leave them all on however, particularly for the small slice of academic blogging community that still uses pingbacks and the benefits generally outstrip the annoyance. Naturally your mileage may vary and you may consider turning them off.

Of course, you'll probably also realize that the reason the CSS-Tricks notification was caught in spam was because it also came in as a pingback and not by webmetion. (I'm pretty sure that they don't have webmention set up to send them, so their site would have only sent a pingback.)

Many of the older systems, including WordPress which are frequently used by these same sorts of pirates, will still send/trigger pingbacks. Within the IndieWeb space, most sites explicitly sending webmention notifications will include h-cards with author names and timestamps which is part of why Max Böck’s filtering solution works well.

On the positive side, I wonder if this sort of notification behavior might help sites like CSS-Tricks to track these sort of bad actors for help in potential take downs of this sort of piracy?