Reducing Comment Spam - Akismet or CAPTCHA?
Back when I had my blog running on PHP, I had a lot of trouble with spam. At the time I installed Akismet, but it didn’t seem to be doing as good a job as I had hoped. I eventually stopped accepting comments completely.
Commenting was something that was on the ‘A’ list when it came to creating my new blogging app, it was something that I really needed to get feedback from those who read my blog. Without interaction, a website is pretty much a one-way affair.
CAPTCHA
I reintroduced comments in my new app, but this time using CAPTCHA (Those funny skewed words like the one to the left, that you have to type into a text box). It was fairly easy to setup once I had RMagick up and running with the validates_captcha plugin. It worked well, I received zero spam in the week or so I used it.
There is a massive downside to using CAPTCHA though, it provides a barrier in terms of usability to people wanting to leave comments. Commenting should be as easy as possible, so people feel inclined to do so. Having to copy some text from one place into another is a hassle, and is likely to put a lot of people off. I know it puts me off. Also, anyone running their browser with images switched off will be unable to see the CAPTCHA image, and thus unable to post comments.
Akismet
From a user’s perspective, Akismet is a far friendlier proposition. There is nothing for the user to do other than to submit their comment. All the spam analysis is not done on the host server, but by Akismet, who compare the comment against their database of other spam, and tell you whether or not it is spam.
It’s easy to implement in Wordpress and many other publishing apps. Installing in Rails is also easy, thanks to the turorial by Dieter Komendera and the Ruby Akismet class by David Czarnecki. I used a heavily modified version of the method in Dieter’s tutorial, and added methods to flag mistakes, using the methods provided in the Akismet API.
It’s very accurate, and I’ve yet to get a false-positive where it incorrectly marks a comment as spam. Even though this hasn’t happened, I still like to keep even the spam comments, but not display them, until I have had time to review them. During moderation, I can correct mistakes made by Akismet, and automatically notify them of their mistake. In this way new spam is always being added to their database.
This approach does mean a little extra work for the site owner, but surely for quality interaction with their readers they should be doing this anyway?
Feel free to test Akismet out in my comments, and tell me what you think of various spam detection methods. If you want to generate a positive spam result, then use the name ‘viagra-test-123’, works every time! Have fun.