Meta-Review of WordPress Matt’s Automattic(sic) Spam Stopper

Matt, author of WordPress blogging software, has released an anti-spam plugin for WordPress - Automattic Spam Stopper (now renamed as AKismet)

Bad Behavior, a competing rather effective comment spam prevention plugin, author nicknamed IOError posted a review which points out some obvious downsides of such centralized spam filtering mechanisms like:
1. Privacy concern - all your comments are send to Matt’s server for human inspection
2. So far the spam comments are actually marked by humans and hence not scalable - Please see comments by MacManx below for an update.
3. The comments are all kept in your database, including spams which incrementally yet continuously adds to your storage requirements

Any corporation with well-defined data privacy policies in place should hesitate to use such a solution.

Matt envisions free service for non-professional bloggers. He defines pro-bloggers as those who make 500$ or more per month blogging. I wonder how he is going to verify that, look at my tax returns?

Doug McHone says:

Since I have added this program, I have been witness to a great decrease in the spams I have received. Matt’s plugin, called Automattic Spam Stopper (now renamed AKismet) has been tweaked a few times and the spams have been reduced and reduced until it has become an anomaly that any one will get through.

Aside -
Is comment spam such a huge problem? I think recently it is getting more hype than it is worth. I have been using few simple measures to stop WordPress comment spam for 9 months. On average I spend 5-10 minute a week deleting comment spam attempts or approve new comment authors, sometimes less.

Back to AKismet / Automatic Spam Stopper -

I think a de-centralized approach to handling comment spam within a simple framework / plugin has more chance of success that a centralized approach for several reasons.

A single barrier like Matt’s (you get the idea) is much easier to breach and when the payback is so high spammers can spend lots of resources to defeat it. It just makes economic sense for spammers to go after Matt’s err. solution.

Also a spammer can pose as a legitimate blogger, glean information about comments Matt marks as spam and gain useful information to subvert the system.

Such a schema can be subverted by man-in-the-middle-attack, impersonating Matt’s server.

It is very vulnerable to DDOS spam attack against Matt’s spam managed blogs.

A strong de-centralized barrier like Bad Behavior or CAPTCHA based ones or my combination solution provides a stronger protection en-masse against spam. The variety of solution actually makes it much harder to go after and doesn’t make much economic sense.

Also they are not vulnerable to DDOS attack like Matt’s solution.

What can be done is selectively share certain information by spam referrer’s or compromised machine lists etc. to improve the solutions. However not a fully-outsourced solution like Matt’s.

Update: Please see comments by James Huff / MacManx below for update on this software.