On 2 Aug 2013, at 12:17, Rich Kulawiec <rsk@xxxxxxx> wrote: > On Tue, Jul 30, 2013 at 04:40:42PM +0200, Arturo Servin wrote: >> Captchas? Recaptchas? > > Captchas et.al. are completely worthless. They're defeated at will by > the first adversary who comes along that's willing to expend the minimal > resources required to overcome them. Yes, indeed, and in the meantime it excludes many people with limited or no vision, including me. There's a rant here, but you don't want to hear it right now. :) FYI I use the service from http://www.skipinput.com/ for my CAPTCHA-solving needs. Works very well, though you need to be aware that it uses a browser extension. > The best methods for blog comment abuse control seem to be combinations > of network/domain blocks and moderation. Both have their downsides, > though; the former needs to be custom-crafted for each particular > application and the latter can be time-intensive. The "trick", if > there is one, is to use layers of these so that each is conservative > about what it blocks (thus keeping the FP rate down) but that each > leaves less work for successive layers to handle (thus keeping the > FN rate down). Without wishing to kill morale, it's not clear to me how important the IETF is to our friendly cockroach neighbourhood. I'll bet that a simple question and answer (whose answer is trivial to find on Google) is all that we really need to kill comment spam. There is the authentication database at Tools too, of course, and the IETF is quite versed in sending challenge emails, so at worst the combination of a Q&A and a valid email address should scare off the worst, while leaving guests the honour of commenting and leaving familiars almost no work to do at all. Cheers, Sabahattin