Resist Visual CAPTCHAs


This tip has moved to its new home:

Fight Comment Spam Without Locking Out Your Readers

Comment spam sucks.

There are very few things that all bloggers worldwide would agree on, but I'm pretty sure this is one of them.

You know what else sucks? These things:

[Image: a visual CAPTCHA]

Yes, the boxes with the squiggly letters and numbers that (hopefully) keep spammers from overrunning your blog with comments for pornography, Viagra, and mortgage refinancing. These little boxes are one type of CAPTCHA, which stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart. The idea is that you, as a potential commenter on the blog, will be able to distinguish the letters and type them in, but a computer program deployed by a spammer will not.

CAPTCHAs don't have to be in this format. As the name implies, all the CAPTCHA needs to do is distinguish you from a computer without requiring the blogger to interact with you to find out if you're a real person. CAPTCHAs can be visual, auditory, text-based question and answer, logic puzzles, or any other computer-generated test that would serve this purpose. It just so happens that the squiggly letters type is very popular right now.
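A text-based question-and-answer challenge of the kind listed above, sketched as an added example (it is not code from this article or from any plugin it mentions). The questions, the `SECRET` key, the ten-minute lifetime and the function names are all assumptions made for illustration; the question is plain text, so it works in screen readers and text-only browsers.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-site secret kept server-side; generated here for the demo.
SECRET = secrets.token_bytes(32)
MAX_AGE = 600  # seconds a challenge stays valid (constructed value)

# Constructed sample questions; a real blog would write its own.
QUESTIONS = [
    ("What is the first letter of the word 'blog'?", "b"),
    ("Type the word 'human' without the quotes.", "human"),
    ("What is three plus four, as a number?", "7"),
]


def _sign(index, issued):
    msg = f"{index}:{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (question, token); the token goes in a hidden form field."""
    issued = int(now if now is not None else time.time())
    index = secrets.randbelow(len(QUESTIONS))
    return QUESTIONS[index][0], f"{index}:{issued}:{_sign(index, issued)}"


def verify_answer(token, answer, now=None):
    """Check token integrity and age, then compare the normalised answer."""
    now = int(now if now is not None else time.time())
    try:
        index_s, issued_s, mac = token.split(":")
        index, issued = int(index_s), int(issued_s)
    except ValueError:
        return False  # malformed token
    if not hmac.compare_digest(mac.encode(), _sign(index, issued).encode()):
        return False  # forged or altered token
    if not 0 <= index < len(QUESTIONS):
        return False
    if not 0 <= now - issued <= MAX_AGE:
        return False  # expired, or issued in the future
    given = answer.strip().lower().encode()
    return hmac.compare_digest(given, QUESTIONS[index][1].encode())
```

The signed token means the server keeps no per-visitor state, but the same token can be resubmitted until it expires, so a production form would also record tokens it has already accepted.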

So what's the problem with visual CAPTCHAs?

They are impossible to solve for people with no vision or those using text-only web browsers, and may be frustrating or impossible for people with low vision, dyslexia, or other learning disabilities. If you have a visual CAPTCHA on your blog and there is no alternative, you are barring some of your visitors from commenting. Visual CAPTCHAs with an audio alternative are not without issues, but they're quite a bit better than offering no alternative.

But the CAPTCHA saved my blog from an onslaught of spam! What do I do?

Shut down your blog immediately!

Just kidding.

Actually, your options depend on your blogging tool. Try every spam-fighting option available to you before resorting to visual CAPTCHAs.

WordPress.com and LiveJournal don't even offer a visual CAPTCHA option. However, be aware that if you require commenters on your LiveJournal to be signed in, the account creation process requires passing a visual CAPTCHA with an audio alternative. Vox, which also has no visual CAPTCHA for commenting, requires passing a visual CAPTCHA with no alternative in order to create an account.

Movable Type comes with the SpamLookup plugin, which you may be able to tune to filter out much of your comment spam. See Making the Most of Spam Lookup for details. If you don't mind forcing your commenters to sign in, you can also set up your blog so it only accepts comments from people who are signed in with the Typekey service. Although signup for a Typekey account does require passing a visual CAPTCHA, at least it only has to be done once. Additional options are detailed in Spam Fighting in Movable Type, but be aware that some of the options listed on that page are plugins that create visual CAPTCHAs. My own relief from comment spam came as soon as I installed Jay Allen's Comment Challenge plugin, a non-visual CAPTCHA.

TypePad offers a more limited number of choices for spam control beyond the CAPTCHA, though they maintain a master list behind the scenes that blocks some spam for you. To improve their list, you have the option of reporting spam comments and trackbacks as spam. If you often receive spam comments that include specific keywords, you can block those comments by adding the keyword under Control Panel > Site Access > Word and IP Banning. If you don't mind forcing your commenters to sign in, you can also set up your blog so it only accepts comments from people who are signed in with Typekey. Although signup for a Typekey account does require passing a visual CAPTCHA with no audio alternative, at least it only has to be done once.

Blogger Beta offers a visual CAPTCHA (called "word verification") with an audio alternative. If you don't mind forcing your commenters to sign in, you can instead set up your blog so it only accepts comments from people who are registered with Blogger. Although signup for a Blogger account does require passing the visual or audio CAPTCHA, at least it only has to be done once.

Self-hosted WordPress has a number of options within the Dashboard for fighting comment spam, and you can also use a variety of plugins. See Combating Comment Spam for details about both strategies. They list some CAPTCHA plugins, but note that not all of them are visual. The Akismet plugin seems to have a good reputation.

I swear I have tried everything my blog software offers for spam control, and it seems like visual CAPTCHA is the only thing that works. What do I do?

Complain.

Not to me, not to your readers, but to the people who make your blogging software. You're stuck between a rock and a hard place, forced to choose between allowing ALL of your readers to comment and being buried in comment spam. That's not cool.

If you've tried everything else and still need the CAPTCHA so you can actually maintain your blog, that doesn't make you a bad person. However, you need to provide feedback to your service provider. If they don't know that their users care about not excluding people with disabilities, they won't prioritize solving these problems.

So especially if you're paying for the service, complain.

Questions? Feedback?

Please comment or send me an email. If you disagree or if I need to correct a mistake, or if there's a way I can improve this article, I'd like to know.

Further Reading

Want another take on all this? Try these sources:
