@stevendbrewer this is a newer thing, informed i think by that experience. first it's a bit simpler (just a form-encoded source and target URL basically, rather than XMLRPC). and the spec requires the mentioned to verify the mention, to a degreee — if spam, the spam site must at least actually include a link to the URL.

it certainly could still be abused, if sites typically display linkbacks without further verification!

it's been around long enough i wonder what the experience has been.