In Praise of Akismet

The spam nightmare continues, but thanks to Akismet, it’s been reduced to a minor nuisance on this blog.

Akismet was created by Matt Mullenweg of WordPress. Thankfully, the folks who run WordPress didn’t keep this to themselves, but opened it up to all types of blogs—and even other applications, such as forums. Anything that accepts user comments should be using this.

Here’s how it works. When a comment is received on your blog, or a post on your forum, or whatever, your software first submits the comment to Akismet via its open API. Akismet does its magic and tells you whether the comment is spam or not. If Akismet blesses it, then your software goes ahead and posts the comment. If not, it puts it in a holding pen, where you can double-check that it is really spam before deleting it. If you’re using WordPress, you can just download the plug-in. If you’re using Mephisto (the Ruby on Rails application that runs this blog), then it is built in. There’s a wide assortment of libraries and plug-ins for other platforms as well.
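The submit-then-decide flow described above, as an added Ruby sketch (not code from this post, Mephisto or Akismet). The endpoint and field names are taken from Akismet's public comment-check documentation; the key, blog URL and sample comment are constructed placeholders, and `moderate` is a hypothetical helper name. It also covers the case the paragraph leaves open: anything other than an explicit "not spam" answer, including a failed request, goes to the holding pen.

```ruby
require 'net/http'
require 'uri'

# Akismet comment-check endpoint (from Akismet's public API docs, not this post).
AKISMET_URL = 'https://rest.akismet.com/1.1/comment-check'

# Default transport: form-encoded POST, returns the response body as a string.
HTTP_POST = lambda do |url, params|
  Net::HTTP.post_form(URI(url), params).body.to_s
end

# Decide what to do with one comment: :publish or :hold (the holding pen).
# comment is a hash with :ip, :user_agent, :author, :email, :content.
# post is injectable so the decision logic can be exercised offline.
def moderate(comment, api_key:, blog:, post: HTTP_POST)
  params = {
    'api_key'              => api_key,
    'blog'                 => blog,
    'user_ip'              => comment[:ip],
    'user_agent'           => comment[:user_agent],
    'comment_type'         => 'comment',
    'comment_author'       => comment[:author],
    'comment_author_email' => comment[:email],
    'comment_content'      => comment[:content]
  }
  verdict = post.call(AKISMET_URL, params).strip
  # Only an explicit "false" (not spam) publishes. "true", "invalid" (bad key
  # or missing field), an empty body or anything unexpected is held.
  verdict == 'false' ? :publish : :hold
rescue StandardError
  # Timeout, DNS failure, TLS error: fail closed into the holding pen.
  :hold
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample comment and a stubbed transport, so this runs offline.
  sample = { ip: '203.0.113.7', user_agent: 'Mozilla/5.0', author: 'visitor',
             email: 'visitor@example.com', content: 'Nice post!' }
  stub = ->(_url, _params) { "false\n" }
  puts moderate(sample, api_key: 'YOUR_API_KEY', blog: 'https://blog.example', post: stub)
end
```

Holding on error means an Akismet outage delays legitimate comments instead of letting unchecked ones through.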

Understandably, the Akismet folks don’t disclose just how they decide what’s spam, but in my experience, it has been 100% accurate. They do have a vast volume of messages to learn from: since the service started, they’ve detected a staggering 643,803,210 spam posts, and they see millions a day. A revolting 94% of all posts submitted are spam.

The spammers are getting a little more clever, but Akismet is one step ahead of them. The 20 or so posts a day I’ve been getting for male dysfunction remedies are linking back not to the site of any spam company, but instead are linking to posts on other blogs and forums where the spam has been posted. So the link is to a legitimate place, which is unknowingly hosting the spam message. These posts come in bursts of three to five, each with a different email name attached and with a slight variation of the text, but clearly they all come from the same place. Akismet has gotten them all, so you never see them, and all I have to do is do a quick daily scan of the quarantined posts and click “delete all.”

Once you’ve installed a plug-in or integrated one of the libraries, you need to get an API key. This identifies each user of the service and helps the WordPress folks monitor use of the system and control abuse. An API key is free for non-commercial bloggers (which they define as anyone making less than $500/month from their blog). If you’re a “pro blogger,” you can get a key for just $5/month, which is well worth it. Enterprise subscriptions start at $50/month for 5 blogs. Non-profits can use the service for free if they provide some back-links to help promote the service, or for half-off the enterprise prices if not.

With this service available, there’s really no excuse, other than the need to implement the API interface, for any software to be posting spam. If we can eliminate the ability to post spam, we can take the upside out of this dirty business and send the scum who post spam comments off to some other misguided pursuit.