Julien,
the majority of comment spam can be dealt with very simply by including
a turing test. On my blog, when I first started getting comment spam, I
added a check box asking if the poster was a human. For a human, it’s
not a massive inconvience to tick a box, but for an automated tool, it’s
a major problem. Was implemented in 3 lines of html and one line of
python. Since I added it, I haven’t recieved a single piece of
spam.

I don’t believe it’s had a major effect on people commenting,
although I currently can’t tell. I could change it to hide posts that claim to be non-human
until I’ve checked them. If spam tools work out this simple problem, I
could change the nature of the test to randomly change between “I am a
human” and “I am not a human”. After that I could include a simple sum
or some other simple question. It also has an advantage over captchas
that it is accessible.

It is a simple change which massively reduces spam by increasing the
cost of spamming and I’m surprised that most people don’t do something
similar.

Jesus, not an email
gateway, but running a bulk spam-teaching script for spam assassin run
in an inappropriate directory, which insists on writing to disk despite
me clearly telling MIME::Parser to use internal memory
structures. I’ll just go stand in the corner.