People aren’t working hard enough to make CAPTCHA systems easier for users.
I know; I whine about CAPTCHAs a few times a year. Well, I guess this is this quarter’s whine.
Google is a big company, and they own Blogger. I can think of a simple way to reduce the burden of CAPTCHAs on the user. Maybe you can tell me what’s wrong with it, because often the simple solution was already considered and dismissed. But this solution seems to me to be not so bad.
If you are commenting on blogs, chances are you make a habit of it. Since many blogs are on Blogger, it seems to me that you only should have to prove you are a human once, or maybe once within a certain span of time. If I prove I am a human in one blog comment, shouldn’t I still be a human the next time I comment?
If you were only required to prove your humanity once ever, I could see that easily being abused. A human passes the CAPTCHA and then the robot takes over and spams the internet. But it seems like there could be a happy medium. Something simple like “require a CAPTCHA on one out of 5 comments from James.” Or, “Require a CAPTCHA once per week, but sooner if James exhibits spammer-like behavior, like more than a certain number of comments in a very short span of time.”
Using cookies, Google can keep track of all sorts of things. You’d think they could keep track of the fact that I keep successfully proving I’m a living, breathing person.
As much as I hate CAPTCHA, I have to say I don’t mind reCAPTCHA so much. Not only are they using CAPTCHAs for a good cause, their CAPTCHAs are all actual words, which makes it much easier for me to type them. I find them much less annoying. But I still would rather do them a lot less often.
Posted by James at February 6, 2008 11:36 AM
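The policy proposed in the post, sketched as server-side logic (an added example, not code from the post or from Blogger): a solved CAPTCHA is honored for a week and for a random 4 to 8 further comments, the randomized interval being the variation suggested in the comments below, and a burst of comments forces a new challenge early. The thresholds, the `Commenter` record and the function names are assumptions.

```python
import random
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

WEEK = 7 * 24 * 3600   # a proof of humanity expires after one week
BURST_WINDOW = 60      # seconds; assumed threshold
BURST_LIMIT = 3        # comments tolerated inside the window; assumed

@dataclass
class Commenter:
    """Kept on the server: a counter stored in a cookie could be replayed."""
    last_proof: Optional[float] = None            # time of last solved CAPTCHA
    allowance: int = 0                            # comments left before re-proof
    recent: deque = field(default_factory=deque)  # recent comment timestamps

def needs_captcha(c, now):
    """Return the reason a CAPTCHA is required, or None if none is needed."""
    while c.recent and now - c.recent[0] > BURST_WINDOW:
        c.recent.popleft()                        # forget comments outside window
    if c.last_proof is None:
        return "never proved"
    if now - c.last_proof > WEEK:
        return "proof expired"
    if len(c.recent) >= BURST_LIMIT:
        return "burst"                            # spammer-like posting rate
    if c.allowance <= 0:
        return "allowance used up"
    return None

def submit(c, now, solved_captcha=False, rng=random):
    """Handle one comment attempt; returns (accepted, reason_for_challenge)."""
    reason = needs_captcha(c, now)
    if reason and not solved_captcha:
        return False, reason                      # caller shows a CAPTCHA
    if solved_captcha:
        c.last_proof = now
        c.allowance = rng.randint(4, 8)           # unpredictable re-proof point
        c.recent.clear()
    else:
        c.allowance -= 1
    c.recent.append(now)
    return True, reason
```
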
I really hate CAPTCHAs and find myself avoiding commenting on blogs that employ them. I also find quite often that my comment never goes through, because the CAPTCHA timed out while I was writing the comment, I hit submit and went back to my Google Reader window without noticing that the results page asked me to resubmit the comment with a new CAPTCHA. It's fucking obnoxious.
I've been using the Akismet spam plugin for WordPress and get maybe one spam comment a month now. It works fine.
Posted by: David grenier at February 6, 2008 12:12 PM
I got a spate of spam on this blog a couple of weeks back, but since then (and for many months before that) it's been completely quiet.
I have some problems with the current strict spam filter on my blog, but I'm lucky to be in a blog spam quiet spot at the (extended) moment.
Posted by: James at February 6, 2008 12:23 PM
I whine about CAPTCHA more than you do - mainly because it is a huge impediment to making the net accessible for people with disabilities. I finally sent an email to one of its developers, a guy at the U. of Chicago. After getting no reply I tried again, and finally got an email back from him. His reply was "Well, if it's that much of an issue, get someone to help you with it". Well, f-ing thanks a pantsfull. I hate CAPTCHA, and if you think I do, you should read some of the disability rights forums.
/rant
I like your solution and don't see any flaws in it. Perhaps a slight enhancement would be to have the frequency of re-proving be random (every 4-8 times) to make the bot's job harder.
Posted by: briwei at February 6, 2008 1:02 PM
reCAPTCHA appeals to my altruistic side and CAPTCHAs in general have never bothered me but you make a good point about the foolishness of proving sentience for every comment. Okay, until cookie tracking is added to CAPTCHA systems you've sold me.
Posted by: Mike at February 6, 2008 1:07 PM
I use Peter's Custom Anti-Spam as a captcha for my blog at http://www.gcpvd.org. I have Akismet but even that was letting junk through, I have a very low level of comments and it just got ridiculous to be constantly battling spam and have such a small number of real comments.
I like this captcha, it's not super secure as it does not do a lot to obscure the word, it is very much legible in custom fonts which I can control (I removed one font because the 'o' and 'a' looked too similar). I can also use custom words, I'm using Providence street names, which my readers should be familiar with. Also, the latest update reads the captcha word to visually impaired readers, I'm not sure how well it works for people who have a reader on their browser, but I've listened to it and it very clearly reads the letters with an as in i.e. "a as in apple."
Sadly I think they are a necessary evil to protect the sanity of webmasters. I do think it is an area where innovation seems to have stagnated, and especially someone like Google should really be working on a better solution to this issue. Yahoo captchas are also almost impossible to read half the time.
My problem now is trackback spam, I'm on the verge of shutting off trackbacks unless I can find a solution.
Posted by: woneffe at February 6, 2008 2:06 PM
You might be interested in this paper, presented at the 2005 Conference on Email and AntiSpam (PDF file):
"Computers beat Humans at Single Character Recognition in Reading based Human Interaction Proofs"
http://www.ceas.cc/papers-2005/160.pdf
As to trackbacks... they're completely useless, because of the spam problem, and many, many blog sites have them disabled, or simply don't support them in the first place.
Posted by: Barry Leiba at February 6, 2008 2:39 PM
Indeed - I routinely turn off trackbacks because I got no good use out of them.
Thanks for the paper reference.
Posted by: James at February 6, 2008 2:44 PM
I just read an interesting article about spam in CACM which talked a little about CAPTCHAs. Letters that are obscured beyond readability for humans can be read by machines, but overlapping the letters confuses the machines. Perhaps there's an innovative way to find something we do well that computers do badly. I know there's a reason for cognitive psychology to exist besides to entertain me. :-)
It also mentioned in the articles that people don't realize how much of a problem spam is because they don't see most of it, but -- I wish I had it in front of me -- spam accounts for the majority of email on the internet. By a wide margin. It seems like no progress is being made because there's a technological war being waged between spammers and anti-spam technologists.
I sympathize with people with access issues, and that is definitely an area that could benefit from research. But the internet would be useless to us all if we had to wade through all the spam that's launched at us every day. Even with spam filters, about half my email in the morning is spam (and really, no matter what product I use, I just don't think "it" is going to get any bigger, since I don't have one to begin with). If 90% were spam, how long would I bother using email?
What's interesting to me is that it's so obvious to us when something is spam (well, most of us, forget phishing), but we haven't perfected machine learning on this issue. Again, the spammers see what doesn't get through and try another tactic. But I know when I see a Russian subject line or words with a bunch of characters stuck in the middle, or any of a number of words, I'm looking at spam.
Anyway, I know that isn't exactly the same as blog spam, but I think spam in general is a larger problem than people realize, and until we find the innovation(s) that will stop it, we should be thankful that the vast majority of it is stopped.
Posted by: Maggie at February 6, 2008 2:46 PM
Oops, I started that post before Barry posted and then finished it after, I didn't see his reference!
Posted by: Maggie at February 6, 2008 2:48 PM
Offhand I think Blogger's choices are to require captchas on all comments or to require them on no comments. I don't believe there's yet an option to require them for anonymous comments only, which is the option I would prefer. That way people who want to comment can either use a login OR a captcha. No way would I require both for such a tiny blog, unless I was getting a ton of spam.
Posted by: Julie at February 6, 2008 3:38 PM
It just occurred to me that if Wordpress' option "Comment author must have a previously approved comment" checks IP addresses rather than names then it should theoretically stop 100% of comment spam because I would never knowingly manually approve a spam comment. We'll see how it goes.
Posted by: Mike at February 8, 2008 2:00 PM
My rickety old blog says it supports some pretty fancy stuff like that, but I can never get it to work because of all the hacking I've done, followed by software version updates.
Someday I'll go over to Wordpress, or whatever else the cool kids are using at the time.
Posted by: James at February 8, 2008 2:04 PM