Patrick Lambert over at Dendory Blog has a really nice solution to comment spam. He noticed that he never receives any comment spam and decided to investigate why. It turns out that his immunity is an artifact of the way he handles comment submission on his two blogs.
Spam bots work by reading the HTML for the comment section, capturing the variable names for fields, and then sending the data to whatever blogging engine the site uses. Lambert’s sites post comments by calling a Javascript function that internally renames the variables. That means that the spam bots are using the wrong variable names when they try to send the data directly.
Head on over to Lambert’s post for the details. If you’re writing your own processing code this is a technique worth knowing about. If you can write in PHP, perhaps you could even modify a WordPress site although that would introduce a maintenance problem. We could, I suppose, ask the WordPress folks to do something similar but as soon as the practice became widespread we’d see the scum spammers adapt.