[nycphp-talk] user contributed notes on

inforequest 1j0lkq002 at
Mon Jan 10 21:46:19 EST 2005

David Mintz |nyphp dev/internal group use| wrote:

>Gee it must've been a worse sentence than I thought. My point is that they
>apparently have all these plugins that use all kinds of computational
>muscle to defeat comment-spamming, as opposed to the fairly new
>MoveableType style system, which relies on the TypeKey authentication
>service -- a modest PITA for the legitimate commenter, perhaps, but I have
>found it 100% effective and stopping comment spamming.

A central-signon authentication system like typekey is just a hurdle in 
the way of spammers, just like captchas, word games, pictures, and 
randomized forms. However, a central authority that cannot be trusted 
(such as typekey) is actually more dangerous,because it purports to be 
somehting blog publishers can "trust" and whenever there is trust there 
is a hack. (Typekey can't be trusted because it doesn't actually 
authenticate anyone.. it just acts as a middleman i.e. hurdle).

Granted the only thing at risk here is your blog, but the point is why 
set up a trusted authority if you can't trust it? In other words, why 
pass off some control to a "central authority" when you went to blogging 
in order to be free of the centralized mamagement system for publishing? 
Sure of course SixApart would never abuse all that information about who 
is commenting on what blog...... just like Google can be trusted with 

Back to Wordpress... it is cutting edge, so you will find plug ins for 
just about every approach to comment spam management, along with blogs 
chronicling how it did or di not work. Here's a page with links 15 
different approaches (tarpit, google redirector, latency management, 
blacklist, etc etc etc).

-=john andrews

More information about the talk mailing list