In the never ending battle against comment spam, I’ve implemented a change in the way comments are verified.
First, the comment form now requires users to answer a simple question when posting a comment: “This site is called the House of _____”. A human user will hopefully be smart enough to enter the name Rapp. A spambot, on the other hand, will choke.
I wish I could take credit for this elegantly simply fix, but the credit must go to this guy.
The other anti-spam measure is the Three Strikes plugin. If a comment is posted with a) more than 2 links, b) no referrer, and c) at least one match from my spam word list, the comment is automatically obliterated. It doesn’t go into moderation. It’s not marked as spam. It simply ceases to exist.
In view of these changes, I’m eliminting comment moderation. I’ve never liked having to hold every single comment, ping, or trackback in a queue until I could personally approve it. That sort of thing punishes the user rather than the spammer. But a few months ago there was simply no alternative — the site was receiving hundreds of spam comments per day, and I’d be damned if I was going to reward their efforts by letting that stuff get picked up by Google.