I have been fighting spam in email and on community sites forever. Man, what an arms race.
When it makes sense to only allow community members to be able to post, life gets simpler, but in many cases you do not want to narrow the field. If I end up on some random blog and they need me to log in? See-ya.
I have tried a lot of stock plugins for handling spam, and although a lot of good work has gone into the likes of Spam Karma, WP-Hashcash, and the many others, I always have had problems.
I chose an image CAPTCHA on this blog a long time ago, and spammers now can do OCR and get right through it. I am moving to a new blog shortly, so will fix that issue at that time.
The problem with image CAPTCHA (other than the accessibility issues) is that the arms race means that already you either get beaten by smart spammers, or the image is so hard to read that HUMANS can’t read it. I have personally been baffled a number of times as I type in what SURELY is the right mix of numbers and letters, but the system tells me that I am wrong.
I recently had an attack of spam at soundmoneytips.com (a great little site by the way) and it was the last straw.
The only solution that really made sense was to get out of the herd mentality, and go it alone.
That is why I chose a logic-CAPTCHA that asks a brain-dead simple question that a human finds ‘duh’ but ideally is hard for a computer to grok.
The simple math-based questions (4 + 14) are destined to be beaten by spammers as soon as there are enough of them and critical mass means that the spammers need to write the simple bot that can eval: 4 + 14.
The plugins that only work if JavaScript is understood also didn’t work for me.
The damn spam bots were smart enough and got through the system. I guess it isn’t that hard to embed a JavaScript interpreter, but sheesh!
Anyway, back to logic CAPTCHA. The beauty is that you get to write your own questions that you ask people to answer.
You can even ask things that only your audience would know. For example, on Ajaxian.com we ask questions such as: “What does the X in Ajax stand for?” (even though Ajax isn’t an acronym).
When you get personal like this, you are out of any critical mass. Chances are unless you are a huge company, the spammers will not think it worthwhile to beat your little set of questions (which you can change too of course).
It is a pain for people to have to answer the question, but at least we keep the spam bots at bay.
For now.
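
A sketch of the server side of a logic CAPTCHA as described above, added here as an example and not the plugin code used on any of the sites mentioned. The question set, accepted answers, function names and the 15-minute validity window are all assumptions; the signed token ties the submitted answer to the question the server actually asked, without keeping session state.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample questions and assumed accepted answers; write your own.
QUESTIONS = {
    "q1": ("What does the X in Ajax stand for?", {"xml"}),
    "q2": ("What colour is a red apple?", {"red"}),
}
SECRET = secrets.token_bytes(32)  # server-side key, never sent to the client
MAX_AGE = 15 * 60                 # seconds a challenge stays valid (assumed)


def _sign(qid, issued):
    msg = f"{qid}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None, qid=None):
    """Return (question text, token) to embed in the comment form."""
    qid = qid or secrets.choice(sorted(QUESTIONS))
    issued = int(now if now is not None else time.time())
    return QUESTIONS[qid][0], f"{qid}|{issued}|{_sign(qid, issued)}"


def normalize(answer):
    # Humans type "XML." or " xml "; fold case, whitespace and end punctuation.
    return " ".join(answer.lower().split()).strip(" .!?\"'")


def verify(token, answer, now=None):
    """True only if the token is ours, unexpired, and the answer matches."""
    try:
        qid, issued_s, mac = token.split("|")
        issued = int(issued_s)
    except ValueError:
        return False  # malformed or missing token
    if not hmac.compare_digest(mac.encode(), _sign(qid, issued).encode()):
        return False  # question id or timestamp was altered
    now = int(now if now is not None else time.time())
    if not 0 <= now - issued <= MAX_AGE:
        return False  # stale form
    entry = QUESTIONS.get(qid)  # question may have been retired since issue
    return entry is not None and normalize(answer) in entry[1]
```

A token stays valid for the whole window, so pair this with per-IP rate limiting or a one-time token store if the same solved form starts being resubmitted.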