If you don't protect your blog/website, you're going to have a lot of blog comment spam. Sometimes I've seen bloggers that don't even know it's spam and think that they are actual comments Anyway, most of it is posted by spambots. They comment on the blog and get linkbacks to whatever site they desire.
There is obvious spam, like comments that contain gibberish or other strongly non-related content such as links to porn sites (oh well, unless you're running a porn blog).
Then there are spam comments that contain things like "hey, I love this article" or "I love your blog I subscribed to you" or more sophisticated *BLEEP* such as, "you really know how to bring a point across and I completely agree with you on the state of this situation". SPAM SPAM SPAM!
Now, some people don't understand that these are spam comments. Basically my own guideline is that if the comment has nothing to do with the article I posted, I'll remove it, even if it's something like "I really love your blog bla bla bla". For me this is easy to determine, because I post web design tutorials, and I don't write a personal blog or things like that. But I get a lot of spam, like 20 spam comments a day. And it's not only spambot spam either, there are real people spamming too, just commenting on articles for linkbacks without reading the articles.
You can prevent spam comments by using certain WordPress plugins (and I'm talking about WordPress specifically here because that is what I'm familiar with). Here's the soup I recommend:
1. Your first line of defense is a simple captcha-like protection. It's the Math Comment Spam Protection. Basically adds a math question to the commenting function that every guest commenter has to solve. This kills many spambots.
2. Your second line of defense is Akismet, which is based on a reputation system. If spambots or people survive the math question (oh well, it would be sad if people didn't survive it), Akismet will check its database to see if they are spam or not. Akismet in itself is so effective you wouldn't really even need the Math Comment Spam Protection, but I ask you to reconsider this because:
Akismet makes mistakes. When you have the math protection on, most of the spam is filtered out. This results in Akismet not blocking much comments, just the ones that got through. When there is less Akismet analyzed spam, you can easily check through your spam comments section to see if there are any non-spam comments. If you didn't have a first line of defense, you'd have to look through 100+ spam comments a month to see if Akismet has false negatives.
3. Your third line of defense is, of course, YOU. Check your spam queue and don't delete all spam right away.
I have not implemented the Math Comments Spam Protection on my own site yet because well... I'm lazy.
What do you use?
Well Akismet & math plugin are fantastic way to reduce the commment spam, however, i personally prefer to use Akismet & Bad behavior plugin. These two plugins keep most of the comment spam out and I only get to check like 5 - 10 comments in moderation, which isn't as bad considering that Akismet shows these stats -
Akismet has protected your site from 121,921 spam comments already.
Bad Behavior has blocked 3269 access attempts in the last 7 days.
My experiences in web design shows that most people hate that to enter a captcha every time they want to post a comment, actually any entering field will cause the person to go away without leaving any comment and this is not good at all, currently i use two methods for preventing from spams and each will give you some advantages and of course will have some disadvantages.The first way which i use is to separating members from non members, a non member needs to enter all fields which is required like name and email and also the captcha but he will see a notification in the comments area saying that if you register on this website you will be able to post comments without entering any field or captcha and so some peoples with seeing this will register on your website and so they will post comments more easier and you will get a lot of comments, but the most down side of this process is that some peoples do not like to register because they find that this is a hard process and they will just leave the website without leaving any comment. by the way this method gives you many advantages too, one of them is to using registered members emails to send them newsletters and inform them about site changes and new features, another advantage of this method is that you can use the information each member provided on registering process to know which type of persons are more interested in your website and so you can manage where to put your advertisements in to get more visitors. The second method i suggest is to using a trick which is just amazing and i found it just really helpful, in this method you will not get any information from comments poster you only provide them with an easy comment post without any captcha or email and so they will not face any problem in posting their comments, after doing this of course you don't want spams to be visible in your comments section so you should not display this comment to all but you know most peoples hate the website that needs admin verification for their comments so what you should do ? it is very easy just let the person who has posted a comments see his/her comment, you can do this by ip restriction and of course you should not notice that person about what is going on, so he thinks that everyone can see the comment but in fact it is not and you need to verify them for being visible to public, so this way will not give you any information about posters but it will bring you a lot of comments as well as spams, and it has the disadvantage of manually verification which means you should check comments every day to let them be visible to all. i have tested this method and i can say this is the most successful method i have tested ever. I have made the second method working on one of my websites and the results is just amazing, any way each method you use you always should care about people not thinking that their comments will be modified, so do not place any text about admin verification in your website otherwise you will loose many comments.
I agree what Iniyila said, as I've observe not all users like captcha, it annoys themthey want to comment fast, for some people their time is gold and don't have time to type thecaptcha specially when they can't read the captcha (Sometimes I also can't read it)even if you do it in voice mode, You still can't understand it because it's not clearly said by the machine voice.as a protection to spam in my website, I've been using the plugin AKISMET, it is a good tool for everyone, easy to use and detects almost 90% of spam comments.You can also make use of your comment settings, comments must be moderated or approve first, something like that? In that way you can moderate your comments well and manually delete the spams or un-approve them, Manual moderating is still the best solution in making your blog spam comment free but hard work is needed, you must expect that everyday or every hour.. there will be a new spam comment.
It's amazing how much time I can spend on the internet and never seem to accomplish a single thing. As I read your posting I am actually excited to be thinking this is good information that I will retain forever. Thank you for writing on this subject and my only question is - Is this code? Math question hard to put up? You said lazy I am thinking hard?
Wasn't there a person at DEFCON that showed a bot that could get past CAPTCHA with about 70% accuracy? I don't remember the exact link but I do remember reading about it on Gizmodo, they had a special on reCAPTCHA technology and how its' changed over the years. Perhaps we should start looking into 3D images instead of 2D ones because most programs aren't able to perceive depth in an image.
Well, this isn't captcha, this is math kinda captcha. And anyways, the purpose is to filter out most of the spam with the math question, then the more sophisticated spam goes through, it is filtered by akismet. My reasoning for this is, Akismet sometimes filters out legit comments so you have to check the spam queue to see if there are any there. With math captcha in there, most of the spam is filtered from the start so the queues are much shorter and easier to check. As for Papabear and Iniyila, you didn't understand what I said, you didn't read to whole post or you were just ignorant. The idea is described above, again.