Back in the early days of blogging and when comment spamming was still fairly small scale (compared to today) one method people used to stop a spambot was to use a CAPTCHA. The idea was that a comment spambot could not read the image and so the comment would fail and you would not get any spam. Obviously the spammers really did not like these CAPTCHA’s so they devoted resources to get around them.
In January 2004 — 5 years ago — Cory Doctorow blogged about pornography being used to get humans to solve captchas for spammers and there were scripts which could defeat different CAPTCHA’s. It is because of those scripts that you can now be faced with images that you struggle to get right. All you want to is leave a comment right?
Companies still believe in the power of the CAPTCHA and they are now very wrong to do so. Where there is a demand by those wanting to spam there is supply – and it’s less than a cent to spam your blog. At ZDNet’s Security blog they report on an industry which can solve a quarter of a million CAPTCHA’s a day.
You write a post and you would like comments. Using a CAPTCHA to stop a spammer is not going to work. If someone is writing a reply to your post why make them solve some image with distorted letters? They want to think about your post not whether that is an 8 or a B, a 1 or I or l. If people have previously been annoyed by these things they may not even bother trying to leave a comment. You lose here — your blog lost a comment.
Putting visible obstacles to commenting irritates readers and gives spammers something to overcome and the more information spammers have the more likely they are to spam your blog. This is why Akismet works as it does — keep the spammers guessing but let people comment freely. Commenting should be as easy as blogging because that is how to keep your conversations going.
Akismet 
You’re absolutely right! I hate CAPTCHAs because they deter legit comments. I especially hate it when the letters are distorted to the point where I can’t tell if it’s a W or 2 Vs close to each other. The audio version is worse because it slowly reads each character behind static and random noises.
I agree. Akismet has been a bit of a godsend to bloggers like us. Notice that MySpace uses captchas and Facebook doesn’t. Guess who’s ahead now.
i have akismet on every site and i still get a sea of spam every day that gets past your software. now i’m forced to use a combination of akismet and another plugin where users must enter a spam word in order to post a comment. works wonders. and i agree, those captcha images are sometimes insanely hard to figure out. so just giving the reader a very clear word for them to type in works just fine, and my spam has lessened noticeably by nearly 99.9%. if a visitor can’t be bothered to type in an extra single word in order to leave a comment, i’m not sure i want such a lazy bum to post on my sites anyway.
Jack – have you contacted Akismet Support with some details? We would like to help.
I have to say, I’ve found that by getting people to be registered and logged on to my website, has greatly reduced the number of spam comments I get. Even Askimet hasn’t been getting as many hits by doing this. Askiment’s been getting about 1 or 2 spam comments a months since I activated this feature.
Rodney – asking people to register is one solution. But it means if I come to your site and want to comment I have to register just for that and I probably would not. It creates a barrier for a comment that may only be left once. I can see your point but it does come with a downside.
I totally agree, I’ve already given up of commenting because no text I inserted worked, it even seemed that the captcha was bugged and denying any attempt.
Comment must be easy, that’s why I dedicate effort to make it look nice and give features like threaded comment and previous.
I already have to read and aprove each comment before letting it appear public (in Brasil webmaster is legally responsible to any comment in his blog), so I just take the opportunity to see if it is fake or a real comment.
Simple like that.
Agreed.
Let me confess, I have a hard time completing cumbersome CAPTCHA codes. Even for easy stuff like Re-CAPTCHA, I find myself reloading the image a few times !
Akismet does a nice job. There are a few other plugins out there that eliminate bots before they appear.
I recently started using Intense Debate comments – lets see how their built in support/integration with Akismet works.
I turned down Akismet from my blog, for that purpose. However, I noticed that when JS is turned off, Intense Debate does not load and the default commenting loads up, in which case, spammers can get hold of my site.
Let me see how things run and I will tweak accordingly soon 🙂
How can Akismet learn “my behavior” when I mark a comment as spam? That’s when it will truly become a life saver. I use it, it catches many, but I still have to delete some that are marked as spam. These comments are probably marked as spam by my rules, that said, why does Akismet not delete them? Can it be made to do so?
Acekin – Akismet would not auto-delete those. If we had auto-delete and someone made their own rules and a mistake was included they would lose comments.
Couldn’t have said it better myself. I sometimes wonder how many visitors various web sites are losing just due to those amazingly inventive and annoying CAPTCHAs.
Spammers will always be around, you close one door and they open another.
I personally don’t use CAPTCHA, I got irritated with it
thats the reason why i love akismet
I don’t think WordPress would be usuable without Akismet considering the amount of spam it catches each day. My vbulletin forum is evidence of CAPTCHA failing on numerous occasions. No wonder vbulletin now has an Akismet option.
I’ve found Akismet invariably unwieldy and bloated, hard to understand and manage.
My favourite anti-spam plugin is still Math Comment Spam Protection plugin. Light-weight, super accessible. And in nearly three years of using it, I had exactly ONE spam comment (done by hand! was almost amusing…) and plenty of other, normal comments.
Juno – if you can contact Akismet Support I will help.
Somebody can explain me please, how should I use Akismet to protect my forum (for example) from automatic user registrations?
We must agree, there are things were captcha is a simple and effective solution. Of course Akismet is the best solution for spam filtering I’ve ever used when it comes to comments/forms 🙂
Stas – Akismet was not designed for any sort of registration screening so it would not be the suitable tool there. I would ask at the support forums for your brand of forum.
I am a happy user of Akismet but any providers don’t like it because it stocks spams in wp’s database. If there is a lot of spams that situation increase the access on DB…
Benoît – only spams that are yet to be seen / moderated are kept.
HI all. I agree with AzzX. I believe that WordPress would be a different place alright if it wasn’t for Akismet. As far as Captcha is considered, I also agree with most here, that sometimes the letters or numbers were so garbled I gave up commenting at some places only because I got frustrated with trying to figure out the letters/numbers.
Considering the source, the statement about CAPTCHAs not working is not very credible.
Commenting shouldn’t be as easy as blogging, it should be easier. If it was as easy as blogging, there would be a CAPTCHA or a registration process or configuring a database involved.
Rob – You are right, it should be easier.
Jack – since I installed Akismet I saw no spam (ok, maybe one in 3 months) and the visitors are happy because they don’t have to guess that dam CAPTCHA. Maybe there’s something with the server you are on (or misconfigured PHP) and can’t connect to akismet? It’s very weird you get “sea of spam”… 😐
I hates CAPTCHAs as sometimes I myself could not read the image but the combination of math tool and askimet is a good choice for me
Well Akismet saved me from a TON of work today for our WP blog. Some spammer used some software or something to hit our blog HARD. And I mean hard. 4-5 comments left on over 100 blog posts within just a second or two. Yup, crashed out site for a moment.
Thankfully not ONE comment got through – all of them ended up in Spam.
I’ve never seen anything like that before.
Dangerous stuff – I have no idea how to stop that from happening again. If more spammers get their hands on whatever that person used to ‘attack’ a TON of blogs are going to be crashing out there. Scary stuff.
If a bot manages to get through the registration process, akismet will detect the spam posts and leave it for review in the case of vbulletin.
While I can’t fully support the idea of abandoning “captcha” to prevent spam, as a commenter who feels frustrated on other captcha-implementing pages, I agree to take AKISMET for granted.
However, both technologies need to be improved as it is equally frustrating to filter out false spam-markings among a 100 junk so-called comments as well as confusing grB with gr8 – for example – on a captcha form.
What is 2+2 = ?
I use Akismet and http://sw-guide.de/wordpress/plugins/math-comment-spam-protection/ plugin. Akismet works good, but 5 000 -> spam in month are too much. Match Comment Spam protection is simple What is x + x ? plugin. That mean, no spam and reached the filter junk message is prevented Akismet forces.
Sorry, bad English. 🙂
Akismet is great, but it’s not perfect. If left simply to Akismet, my blog, which has been around since summer 2003, would see at least four or five dozen spam comments during any one week sneak past. In the course of a month, that would begin to pile up.
The point is to not get any spam at all. That’s a tall order, even for a successful plugin like Akismet. So, like many others, I run an additional antispam plugin to supplement Akismet. I would suppose that most large-scale bloggers do or else people would stop developing antispam plugins and everyone would simply switch to Akismet alone.
Don’t get me wrong! Akismet is great. But something beyond great is necessary when it comes to keeping ahead of the flood of spam out there.
Akismet is great and Captcha is not perfect but it has never stopped me commenting and I’ve probably come across half a dozen that are unrecognizable.
Also, some Captcha versions performs a valuable service, if you see two captcha, one will enable the comment to go through the other is part of a huge book digitizing process and the words given are ones that cannot be deciphered by automated process.
That’s right. Captcha only send your visitors away, only kick off your visits. Because is not acessible, and everyday more users request better acessibility.
I agree. Those CAPTCHAS can be downright annoying- “ERROR: The Validation Code wasnot entered correctly” so annyoing. So far Askimet has blocked every single spam/vandalism comment from my blog, without sacrificing comments.