After a fortnight, it may still be early days; however, since writing the code to allow Smiffy’s Place to take comments, I have yet to deal with any Comment Spam. There are a few possible reasons for this:
- E-mail verification is required for the first comment posted, per e-mail address; this might be too difficult to code for a robot (although I can see how to do it with about 100 lines of Perl), and too time-consuming for a cottage-industry spammer doing it by hand.
- E-mail verification allows me to pinpoint both the IP address from which the request came and, if confirmed, the IP address of the mail host. Would spammers really want to leave such obvious tracks?
- Smiffy’s Place is driven by unique software – writing a robot to target WordPress may be worth the time and effort, but who is going to bother for a single, small blog? Anything that does get through is far more likely to have come from someone trying to spam manually.
- I am not about to disclose how in a public forum, but I will say that the comments programme will not just accept a POST request from anywhere.
It comes to something when the worst nuisance robot activity is actually coming from a large search engine. For the meantime, I will delay rolling-out my Phase II anti-comment-spam measures.