In an attempt to stop the insane multitude of comment and tackback spam flying my direction, I have implemented the grand-daddy of all anti-spam plugins, Spam Karma. Spam Karma checks comments/trackbacks for the following: if the poster is logged in the current blog and what his user level is (e.g. automatically approve Admin posts), presence of “bad” HTML entities. presence of a HTTP_VIA header, proper use of the posting form (hash value must be present), time taken to fill the comment (e.g.: if it’s less than a few seconds, most likely spam), first time posters posting many comments at once vs. old-timers (with comments previously approved by the admin), IP and regex match for URLs contained inside the comment (small weight only for non-URL text matching a URL regex), realtime Blacklist (RBL) Server check for IP and URLs, comment’s age (e.g. penalize comments on very old post). After Spam Karma finishes with its gauntlet of checks, it assigns the comment/trackback a score. This score determines how the comment/trackback is handled. The comment/trackback is either automatically approved, held for admin moderation, or automatically deleted. So far, Spam Karma is doing a good job. If you experience any problems, please contact me. My email link is located in the sidebar to your right.

If you are looking for other anti-spam solutions for WordPress, look here.

Update: I’ve gone back to using WP Hashcash.