Abstract

Link verification has been demonstrated to be an effective technique in warding off trackback spam.

Status

Proposed

Proposal

In section 4 (Security Considerations), change paragraph 3 to:

To discourage and prevent TrackBack Spam, server implementations that do not require explicit authentication of the sender SHOULD verify received Ping requests by scanning the content of Originating Resources for legitimate links to the Target Resource. As many forms of TrackBack Spam omit such links, such practice has been demonstrated to be an effective defense. Upon receiving an unverifiable Ping, the server SHOULD respond with an HTTP status code of 403 Forbidden.

Impacts

Trackback spam