I've added a ReCaptcha component to the comment form on Workbench to deter spammers. The ReCaptcha system presents two hard-to-read words that must be typed in successfully for a comment to be saved. Here's what the component looks like:
I tried as long as possible to avoid using captchas, but the amount of spam hitting this blog continues to grow, particularly from foreign IP addresses. Workbench has received 16,000 comments and more than 260,000 spam since it began accepting comments in 2002.
The ReCaptcha project serves a useful purpose, digitizing old books and newspaper articles by getting millions of people to identify words that OCR software couldn't recognize. Adding the component took around 10 minutes: I signed up for a ReCaptcha account, stored the PHP library recaptchalib.php on my web server, and added less than 20 lines of PHP to the page that takes comments.
The addition of captchas serves as official notice that my comment flak technique failed to deter spammers. I'm retiring that code.
Testing the new system ...
Looks like it's working okay. We ship a Recaptcha plugin with MT, but you might also want to look at TypePad AntiSpam. It's free (no matter how many comments you get), open source, works with the Akismet API so there's plenty of libraries out there, and doesn't impose a usability/accessibility burden on folks. Just an option. :)
can you supply more details about how badly your old system failed? It's certainly not going to deter spam attempts at all, but few techniques do. I never see any comment spam here, but what kind of percentage are you having to remove by hand? Because your comment flak technique still sounds like a pretty good idea.
ps, I had to have five different tries at reCaptcha before I got one that was readable, didn't have an untypable symbol such as "1/2" in it, or wasn't several words mashed together. This sucks.