Spam: The Final Solution

Until the mid 90s, spam was a non-issue. It was exciting to get email. The web was also virtually spam-free. Netizens respected one another and everything was very pleasant. Those days are long gone. Fortunately, there are some pretty amazing tools out there for fighting email spam. I use a combination of SpamAssassin on the server side and Thunderbird (with its wonderful built-in junkmail filters) on the desktop. I am sent thousands of spam messages a day that I never see thanks to these tools.

But approximately five years ago, a new type of spam emerged which exploited not email but the web. Among this new wave of abuse is my personal favorite: comment spam.

I love getting comments on my blog. I also like reading comments on other blogs. However, it's not practical to simply allow anyone who wants to leave a comment, as within a very short period of time, blog comments will be overrun with spam generated by scripts that exploit sites with permissive comment privileges. To prevent this, most sites require that you log in to post a comment. But this may be too much to ask of someone who just wants to post a quick comment as they pass through. I often come across blog postings which I would like to contribute to, but I simply don't bother because the site requires me to create an account (which I'd likely only use once) before posting a comment. Not worth it. Another common practice is the use of "captchas", which require a user to enter some bit of information to prove they are human and not a script. This works fairly well; however, it is still a hurdle that must be jumped before a user can post a comment. And as I've personally learned, captchas, particularly those that are image-based, are prone to problems which may leave users unable to post a comment at all.

As email spam grew, there were various efforts to implement similar types of protection, requiring the sender to somehow verify he was not a spammer (typically by resending the email with some special text in the subject line). None of these solutions are around anymore because they were just plain annoying. SpamAssassin and other similar tools are now used on most mail servers. Savvy email users will typically have some sort of junkmail filter built into their email client or perhaps as part of an anti-virus package. And spam is much less of a nuisance as a result.

What we need for comment spam is a similar solution. One that works without getting in the way of the commenter or causing a lot of work for the blog owner. Turn it on, and it works. I've recently come across just such a solution for blogs which also happens to have a very nice Drupal module so you can quickly and easily put this solution to work on your own Drupal site.

Enter Akismet

It's called Akismet, and it works similarly to junkmail filters. After a comment (or virtually any piece of content) has been submitted, the Akismet module passes it to a server where it is analyzed. Content labeled as potential spam is then saved for review by the site admin and not posted to the blog.
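The submit, score, and hold-for-review flow described above, as an added Python example against Akismet's `comment-check` REST call (not the Drupal module's code). The function names, the queue labels, the sample comment and site URL, and the choice to send unscored comments to a review queue when the service times out or errors are assumptions of this example; the API key is a placeholder.

```python
import urllib.parse
import urllib.request

# Endpoint shape from Akismet's public REST API; the key is a placeholder.
ENDPOINT = "https://{key}.rest.akismet.com/1.1/comment-check"
API_KEY = "YOUR_API_KEY"

def build_request(comment, site_url, api_key=API_KEY):
    """Return (url, form-encoded body) for one comment-check call."""
    fields = {
        "blog": site_url,
        "user_ip": comment["ip"],
        "user_agent": comment.get("user_agent", ""),
        "comment_type": "comment",
        "comment_author": comment.get("name", ""),
        "comment_author_url": comment.get("url", ""),
        "comment_content": comment["body"],
    }
    body = urllib.parse.urlencode(fields).encode("utf-8")
    return ENDPOINT.format(key=api_key), body

def http_post(url, body, timeout=5):
    """Real transport: POST the form and return the response text."""
    req = urllib.request.Request(url, data=body)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8").strip()

def moderate(comment, site_url, post=http_post):
    """Return 'publish', 'spam_queue' or 'review_queue'."""
    if not comment["body"].strip():
        return "review_queue"          # blank comment: decide locally
    url, body = build_request(comment, site_url)
    try:
        verdict = post(url, body)
    except OSError:                    # timeout, DNS failure, HTTP 5xx
        return "review_queue"          # never publish or drop unscored
    if verdict == "true":
        return "spam_queue"            # held for the admin, not deleted
    if verdict == "false":
        return "publish"
    return "review_queue"              # e.g. "invalid" for a bad key

# Constructed sample comment; 203.0.113.7 is a documentation address.
SAMPLE = {"ip": "203.0.113.7", "name": "Liz", "url": "",
          "body": "Nice post"}

if __name__ == "__main__":
    # Fake transport standing in for the service, so this runs offline.
    print(moderate(SAMPLE, "https://blog.example/", post=lambda u, b: "true"))
```

The short timeout bounds how long a commenter waits on the remote check, and a failed check costs one manual review instead of a lost or unfiltered comment.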

Pricing

Akismet follows my absolute favorite pricing model. It's free for workaday Joes like me and costs money only if you're a large company that will be pumping lots of bits through the service. They realize that most small bloggers are not making any money on their sites, and they price their service accordingly. Very cool.

Installation

In order to use Akismet, you need to obtain a WordPress API key. I'm not entirely sure why, but it is free and having a collection of API keys is fun. So get one if you have not already.

The Akismet Drupal module is appropriately named Akismet. It's not currently hosted on Drupal.org, but hopefully the author will eventually host it there as that is where most people find their Drupal modules. Instead, you will need to download the Akismet module from the author's own site. The installation process is standard. Unzip the contents into your site's modules directory, go to your admin/modules page and enable it. There is no need for additional Akismet code as all the spam checking is done on Akismet's servers.

Configuration

After installing Akismet, I was immediately impressed at how professional the module is. There were absolutely no problems after installation. Configuration options are powerful and very well explained. The spam queue is very nice and lets you quickly mark content as "ham" (ie not spam) and delete actual spam. As you build up a level of trust with the spam detection, you can configure the module to automatically delete spam after a period of time.

Spam filtering can be enabled on a per node type basis, allowing you to turn off filtering for node types submitted by trusted users (such as bloggers) and on for others (eg forums users). Comment filtering is configured separately.

Another sweet feature is the ability to customize responses to detected spammers. In addition to being able to delay response time by a configurable number of seconds, you can also configure an alternate HTTP response to the client, such as 503 (service unavailable) or 403 (access denied). Nice touch.

One small problem

I've only been working with Akismet for several days now. And I'd previously been using captcha, which I imagine got me out of the spammers' sights for a while (spammers seem to spend most of their efforts on sites where their scripts can post content successfully). So far, Akismet has detected 12 spams, 2 of which were not actually spam. These were very short comments, and I imagine Akismet takes the length of the content into consideration. I assume that as the Akismet server processes more and more pieces of content, it will become more accurate in picking out spam versus legitimate content. Each time a piece of flagged content is marked as "ham", it is sent to Akismet where it can help refine their rule sets and make the service more accurate.

Perhaps Akismet could provide an additional option that allows users to increase or decrease tolerance for spam. I would prefer to err on the side of caution and let comments through.

Updates

Fri Nov 17 12:32:41 2006 - There is another spam module for Drupal that I was not aware of.

Sat Nov 18 18:34:57 2006 - A slightly different take on the Akismet module: Akismet ROCKS.

For a period of time, Akismet was allowing blank replies to go through and I found that both captchas and Akismet worked well together. Not every comment with spam is from a bot, and I found Akismet does a good job blocking the human spammers too. It looks as if Akismet has found the blank comment bug and made corrections. In other words, I may follow your lead and remove my captcha too!

Bryan
CMS Report

The first two comments to this thread were both marked as spam, though I don't really understand why. If Akismet is not able to reduce its false positives, it will prove no more useful than an admin queue. The test continues.

It is odd. I've had 2 or 3 that were unpublished but not marked as spam; but that's it.

You should turn on the extra fields so that your comment posters can enter a name and a URL. I think that might be part of why akismet thinks some of this is spam.

I didn't realize I had those fields turned off. Thanks for the pointer. We'll see if that lessens my Akismet false negatives.

I don't really understand why

I'm surprised you were able to get akismet to work on this. Drupal and Akismet notoriously do not get along and just will not work correctly. How did you successfully install akismet because I am thinking of switching over to Drupal but I only know wordpress.

Anna Richard

It is as simple as pie ..
J Teo
http://www.exec-speed-reading.com

Actually the image in the post is really funny :-) I don't like Akismet btw. There's still too much spam. The best thing to do is implement sth individual. No readymade plugin or sth because spammers always find a way to circumvent the most common antispam-stuff ..

Probably the best way to fight against bulk spammers, those that use scripts to find sites and in my case are the annoying ones because they flood my sites with all kinds of useless posts, is to do some javascript tricks on the "post reply" or "register" buttons.

Most scripts can find those buttons automatically and then they display the current webpage to an operator who enters the captcha. The rest of the process is also automatic.

If you make a fake button which only a robot can follow and you change the destination of the link via JS to the real posting page, you can successfully avoid most spammers.

--
Liz
Poemas

Akismet was allowing blank replies
http://www.abouttruck.net

I hate captchas. Half the time I can't figure out what they are saying.

This is true! Sometimes the CAPTCHA is too good!

Well, Akismet IS a great thing. They also claim it does not matter which language your blog is in. So we tried on a German Drupal-based multi-blog site and it worked really good. But all of a sudden, nearly all German language content no matter what it really included got marked as spam and frustrated the users of the blog.

So we switched it off since Akismet also did not see any point in replying to our inquiry. We were in fact already considering using Akismet on a paid enterprise level, so you might think that they would have had some interest in us, but no.

In fact, we switched back to the older Drupal spam.module and this proved to be a very good choice anyway. In addition, we have ModSecurity installed on our Apache server which is not an outspoken spam filter, but it watches anything that comes in and goes out even, which does help preventing an automated spamming attack nonetheless, if that system tries to post too aggressively.

Anyway: I hope that Akismet does a better job for you with English language posts than it did for us with German language posts; nonetheless, watch the spam list for any false positives, though!

I believe Akismet is a pretty new service. It's understandable if they don't offer multi-language support initially.

But I do think they should definitely respond to inquiries.

Spam sucks, both online and in the can.

I did have Akismet enabled on my allergy information, but disabled it because it seemed to make submitting comments very slow.

As of yesterday, spammers have found my site, so I've enabled it again. Once again, submitting comments has become slow. I hope this does not discourage too many people from posting comments, because I like relevant comments, and they are helpful to other visitors to my site. However, I know from some of my other sites (which use WordPress) that once you start getting spam, it just accelerates.

I posted a request for support about the slow commenting problem on the drupal.org site, but no one has picked up on it. Anyone else having this problem?

Note about WordPress

Akismet does not slow down commenting at all in WordPress. It works very well in WordPress. I am not aware of any false positives on my WordPress sites. I scan the spam very quickly - it all looks suspicious, none of it looks legitimate.

They Mystery

With Akismet installed, comments now accept emails. Great! But short of manually viewing the database in MyPHPAdmin, does anyone know of a way to view the email of a commenter?

please help me i've got spam!!!! hw can it change??? please guys???

I use Akismet on my sites powered by Drupal and WordPress. It's one of the best solutions against spam comments.

I continue to be happy with Akismet. It's very good at detecting most spam. However, one still needs to review comments on a regular basis. I find that a lot of the 'hey great article' (whose purpose is to create a link to another site) spam posts tend to get through.

But so far, I've been able to leave anonymous commenting on.

this is for you

http://www.buzerave.com

thanks its for me also,

Yeni sezon

Spam is worse than rotten eggs on a sandwich

I would have to agree. I use the new WP after upgrading my SQL hard core, which was totally insane, but after that the new WP 2.1 with Akismet is awesome.

Just saw that moronic qwerere spammer. I hate this guy and have him blocked on all my sites, but he keeps trying to login every day multiple times. Either it's a bot or a login + password was posted to a hacker site. In any event, I was wondering if this site uses Akismet because the qwererere guy obviously got through.

My solution was to ban anyone with a .info or .tv or .biz site from creating a user.

just noticed that my akismet service is throwing 503 service unavailable message every now and then, wondering what's wrong.

Akismet works best for me. I used to get 15~30 spam comments every day and I am tired of that. Thanks to Akismet, I'm only getting it once every few days now.

I have passed to the new version of wordpress few months ago, and Akismet installed as default, and it really stops spam messages, I was tired because of cleaning viag.ra messages:)

We must all understand that blogs are a great tool for people sharing information and have a voice. There is no software that can stop spam in my opinion

I have to agree. Further to that, any product that is doing a great job today may not be doing such a great job a year or 2 down the track. As soon as something is developed to prevent hackers/spammers and is taken up by the mainstream, the hackers/spammers are working on ways to counteract the software. I think if you really want to stay on top of it you would have to re-evaluate what software you use every 12 months or so.

---------------
Bidding Directory

I believe Akismet is the best to fight with spam. However, I live in Turkey and the wordpress.com website is forbidden. So I cannot get an API key, which is needed to start Akismet. Is there any other way to get an API key without entering wordpress.com? Thanks for answers.