# Sunday, January 06, 2008

Anti Comment-Spam Strategeries

I guess I haven't been on the radar long enough to really get a load of comment-spam. I'm sure having a non-WordPress URL helps a bit too. Initially I was using a CAPTCHA for comment entry. Well, I'm guessing that the shared (like a two dollar lady of the evening) server that is hosting my blog didn't have enough mojo to be reliably generating and streaming CAPTCHA images, because they didn't reliably show up, making commenting impossible. That was quickly ditched.

So I was left with after-the-fact moderation. I get an email every time a comment hits with the full text of it and two URLs in the email. One I can click to delete the comment and another to view it. This has let me get rid of the 5 or so pieces of comment spam I've gotten to date. I have neglected to use the blacklist and blocked IP functionality in dasBlog yet.

Today, I caught a post through my friend Bill's shared feed over at Bjorkoy.com called Bulletproof protection against comment spam. This reminded me that I'd seen another post about something similar over at thekindproject.com about comment spam called comment spam part ii. In that post jonk links to Ned Batchelder's post called Stopping spambots with hashes and honeypots. First of all, if you don't know what a honeypot is, you must look now.

Well, there is a great wealth of information in Ned Batchelder's post as well as Bjorkoy.com. Here are my favorite suggestions:

By watching how spammers fail to create spam on my site, there seem to be three different types of spam creators: Playback spambots, form-filling spambots, and humans.

-Ned Batchelder

Ned's piece is interesting because he focuses on using technology to counter the different approaches to delivering comment spam. Bjorkoy is more straight up technology.

The technique I am using, and which is working very well, is to randomise the names of the form fields.
When the form is loaded a PHP script generates random names for all the form fields and then adds a hidden element with instructions on which random form name should equal which real form name.
When the form is submitted the comment handler unscrambles the names and assigns the values. Any form fields submitted that were not included in the unscramble instructions are wiped.

-from Bjorkoy.com but apparently mentioned to him by Andrew whom I am triply removed from
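
A sketch of the field-name randomisation described in the quote above, added here as an example and not code from Bjorkoy.com or dasBlog. It is written in Python rather than PHP and, as an assumption, derives the names from a keyed hash of a timestamped hidden token instead of listing the mapping in the hidden element; `SERVER_KEY`, `REAL_FIELDS`, `TOKEN_FIELD` and `MAX_AGE` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = b"constructed-demo-key"        # assumption: per-site secret, never sent to the browser
REAL_FIELDS = ("name", "email", "comment")  # assumption: the form's real field names
TOKEN_FIELD = "t"                           # hypothetical name for the hidden element
MAX_AGE = 3600                              # assumption: a rendered form is valid for one hour


def scrambled(token, real):
    """Per-form field name: keyed hash of the hidden token and the real name."""
    mac = hmac.new(SERVER_KEY, f"{token}:{real}".encode(), hashlib.sha256)
    return "f" + mac.hexdigest()[:16]


def render_form(now=None):
    """Return {real name: name to emit in the HTML} plus the hidden token."""
    issued = int(time.time() if now is None else now)
    token = f"{issued}.{secrets.token_hex(8)}"
    names = {real: scrambled(token, real) for real in REAL_FIELDS}
    names[TOKEN_FIELD] = token
    return names


def unscramble(posted, now=None):
    """Map a submission back to real names; None means reject it."""
    token = posted.get(TOKEN_FIELD, "")
    issued = token.split(".", 1)[0]
    now = time.time() if now is None else now
    if not issued.isdecimal() or not 0 <= now - int(issued) <= MAX_AGE:
        return None                         # missing, malformed or expired token
    lookup = {scrambled(token, real): real for real in REAL_FIELDS}
    # Fields not covered by the mapping are wiped, as the quoted description says.
    clean = {lookup[k]: v for k, v in posted.items() if k in lookup}
    return clean if clean.get("comment") else None


if __name__ == "__main__":
    form = render_form()
    # Constructed sample submissions: one from the rendered form, one using the real names.
    genuine = {TOKEN_FIELD: form[TOKEN_FIELD], form["name"]: "Ann",
               form["comment"]: "Nice post", "url": "not in the mapping"}
    print(unscramble(genuine))
    print(unscramble({"name": "x", "comment": "spam"}))
```

Because the timestamp is part of the hashed token, changing it invalidates every field name, so an old recorded submission cannot be given a fresh date.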

Ultimately, just this evening, I have turned on the Akismet support in dasBlog and will see how this works out. My next goal is to make posting by email work. I'm aiming to be able to send in photos from my day to day directly from my phone. I see some really funny stuff in NYC and I'd love to share.

Sunday, January 06, 2008 7:19:14 PM (Eastern Standard Time, UTC-05:00)