You can use Telegraph to receive Webmentions when your site is linked to by any website tracked by Superfeedr, even if that site doesn't send Webmentions itself!
First, sign in to Telegraph using your domain.
From the top right menu, click the "New Site" link.
Enter "Mentions" for the name (or anything you want, but that's what I use), and enter your home page URL. Entering your URL here is how Telegraph knows which links in the Superfeedr feed to send webmentions for.
After you create the site, click on the settings icon next to the name.
Near the bottom, there is a Superfeedr Webhook URL. Copy that URL since we'll need it in the next step.
Now we need to sign up with Superfeedr and create a tracking feed. Create an account by visiting the Superfeedr Tracker page. Make sure to choose "Tracker" from the account type dropdown. If you already have a Publisher or Subscriber account, you'll need to make a new Tracker account for this.
Once you've signed up, you'll land on the Superfeedr dashboard. Click "Search and Track" to create a new tracker.
link:aaronparecki.com as the query term, obviously replacing the domain with your own, and set the format to "json". Paste your Telegraph URL from the setup process into the Callback/Webhook URL field. Then click "Subscribe"!
At this point your tracker feed is live, and Superfeedr will begin sending web hooks to Telegraph whenever a new item is found that links to your website!
Unfortunately nothing will happen right away, so you'll have to wait for someone to publish a blog post that links to you. Check back in a little while and you should see some webmentions show up on your Telegraph dashboard!
Here you can see a few of the mentions I've received from my Superfeedr tracker, including one from Stack Overflow which doesn't yet send webmentions on its own!
Today there was a nice writeup about Webmention in theregister.co.uk!
The headline and subhead are a little rough, but the article gets better.
Since webmention is just a simplified version of pingback, it is just as susceptible to the same type of spam as pingback. With webmention, we have the advantage of it not being a huge spam target just yet, but it's only a matter of time. To help get a head start on fighting the coming spam storm, a few of us wanted to try creating webmention endpoints that expire after a short period of time, to see if that helped mitigate spam.
I implemented expiring webmention endpoints on my website in September 2014. The way this worked is it would generate a token that encoded the expiration date and include that as a query string parameter to the webmention endpoint. The endpoints expired 5 minutes after they were fetched, so if you wanted to send a webmention to one of my pages, you would do the endpoint discovery to find the endpoint, and as long as you made the webmention request within 5 minutes, it would be accepted.
I use webmention.io to forward pingbacks to my site as webmentions, but it uses the same expiring endpoint technique, since the forwarding target is an expiring endpoint. As such, my stats are a mix of pingbacks and webmentions.
I implemented logging of all requests so I could see how effective this technique was. I was logging the time of the webmention and the number of seconds until that specific endpoint expired. Over the past 6 months, I found that 70% of all webmentions (valid or not) were sent within 10 seconds of fetching the endpoint, and 87% were sent within 60 seconds.
Of all the webmentions I received, 51% were successful, 30% were "no mention found" (the most common type of spam request sent), 9% were sent to expired endpoints, 4% were sent with an invalid source URL (usually plain text such as when someone mistakes my webmention form for a comment box) and the rest were other errors.
Out of all the failed webmentions (either an invalid source URL was sent, or there was no link found), 53% of them were sent to a valid endpoint, and the other 47% were sent to an expired endpoint.
Of all the requests sent to endpoints that had expired, 50% of them were sent when the endpoint was less than an hour old. 18% were sent between 1-3 hours after it expired, and the rest were sent more than 3 hours after expiration. However, the distribution of failed requests within the first hour is relatively flat. This means I would need to keep the expiration time relatively small, like 5-10 minutes in order to be effective.
Ultimately the expiring endpoints seemed to have prevented processing about half of the spam webmentions I received. If I had not had the expiring endpoint, my site would have gone and fetched the source URL to look for a link to my site, and it would have been rejected at that point. If I were getting an extremely high volume of webmentions, this might actually be useful, since it would prevent a lot of unnecessary network traffic.
Starting on Friday April 17th, I started seeing a large increase in the number of spam pingbacks in my logs. (These were pingbacks forwarded to my webmention endpoint using webmention.io). I was getting these at a rate of 1-2 per hour, whereas before it was maybe 1-2 per day. Looking at the stats from the expiring endpoint, 75% were sent within 10 seconds of getting the endpoint, and all were sent within 90 seconds of getting the endpoint. None at all were sent to an endpoint that had expired.
Since all of my recent spam has been sent to non-expired endpoints, and since I don't get a high number of webmentions right now, I decided to remove the expiring endpoints from my site for the time being. It was a lot of code to deal with validating and logging expired endpoints, so removing it simplified the code a great deal. We'll continue to brainstorm and test other spam prevention techniques, documenting them on the indiewebcamp wiki.