Lunacy Unleashed

Notes from the field in the War on Spam

Akismet – Automattic Kismet

Last week I told you all about Automattic Spam Stopper, the new anti-spam solution for WordPress from Matt Mullenweg. There’s been some new news, and you’re going to hear it here first.

First off, the plugin has been renamed to Automattic Kismet, or Akismet for short.

Second, it now requires a WordPress.com API key, which you can find on your WordPress.com Profile page. (Click My Dashboard, then Profile.) If you don’t have a WordPress.com account, you won’t be able to use Akismet at this time, until you somehow finagle yourself an account. The fastest way is probably to use Flock. You don’t actually have to blog at WordPress.com to use Akismet, you just need the account to get the API key. You can use the API key at more than one blog, too.

Matt plans to have Akismet free for personal use, and charge “pro” bloggers $5 per month for the service. He’s defined pro bloggers as anyone making over $500 per month from their blogs. He also has a program set up for large enterprise installations, though I only know of one customer for that right now. However, anyone who participated in testing Akismet prior to today will be grandfathered in and have a free enterprise account forever.

Akismet is surprisingly effective at stopping spam. After having built a sufficiently large corpus of spam to draw from, it’s killing about 99.9% of incoming spam, and has a false positive rate less than 0.1%. However, when the central service goes down, all comments go into the moderation queue. The service has had some downtime, and on the sites where I’ve been testing Akismet, I’ve had to watch the moderation queue fairly closely. Matt says he’s working on new more reliable hosting for the service.

So where does Akismet fit into the overall spam prevention picture?

Akismet has a great advantage over most anti-spam solutions: by seeing incoming spam from all over the Internet, it can identify new spam very quickly, perhaps as soon as seconds after a spam run begins, once it’s in wider usage. It also is better in spam management, having to sort through hundreds of spams to find a legitimate one that might have been blocked by mistake. It presents spam in a compact format that makes it pretty easy to scan through and spot legitimate comments.

However, Akismet has a couple of drawbacks which are common to most anti-spam solutions for WordPress, and a couple of unique drawbacks of its own. The obvious ones are that it’s a for-pay solution for many people who might want to use it. It uses a central server which is subject to downtime. Though Matt hasn’t said much about the secret sauce, it definitely analyzes the content of incoming posts. And finally, it does nothing to keep the spammers from using up your bandwidth and database space.

For most people running a personal WordPress blog, Akismet is the ideal second line of defense. It will entirely replace plugins such as wp-hashcash, Spam Karma 2, AuthImage, etc. In fact, it makes most other anti-spam plugins entirely redundant.

The one anti-spam plugin which Akismet will not make redundant is Bad Behavior. There are several reasons for this. Bad Behavior is a first line of defense, stopping spammers before they can read your site at all, waste your bandwidth, or drop junk in your database. This is especially important for self-hosted sites, or sites hosted on dedicated or virtual dedicated servers, where CPU time and bandwidth are precious. Like most other anti-spam plugins, Akismet does not and cannot conserve its users’ bandwidth, CPU and disk usage from a spam attack. Bad Behavior does, meaning it will continue to be an integral part of most people’s anti-spam arsenals.

You may not think this is important, especially if you have never received a large amount of spam at once. But the day is coming when you will, and having that first line of defense can mean the difference between your site staying up, and your Web host shutting off your site. Spammers can easily hit you so hard as to create denial-of-service conditions, and Bad Behavior has been proven to mitigate this effect. In fact, it’s even stood up to the Slashdot effect without blinking.

I should disclaim at this point. I am involved in the development of Akismet, having rewritten a significant amount of the code from the time it was known as ASS, and integrating CJD’s Spam Nuker into the plugin. I continue to remain involved with Akismet as long as there’s work to do on it (and there are a couple of bugs I need to fix).

As I said yesterday, however, I remain committed to the development of Bad Behavior. It is still sorely needed as a first line of defense for WordPress, not to mention all of the other platforms on which it now runs.

What the future holds? Nobody can say for sure, but I predict that for WordPress users wanting to remain spam-free, the combination of Akismet with Bad Behavior will prove to be a double whammy to blog spammers. For everyone else, Bad Behavior remains the first line of defense, and Matt has said that Akismet could be ported to other platforms as well. Someone else, I think, will have to take up that challenge. My hands are full already. :)

P.S. Matt’s started a web site for Akismet, where you can find more information.

About these ads

October 26, 2005 - Posted by | Akismet, Blog Spam, Spam, WordPress, WordPress.com

15 Comments

  1. Thanks for the great overview!

    As for hosting, it’s all set as of last night, so the problems of the old place should be gone.

    I agree BB will remain important in terms of protecting resource usage, and I’m very interested to see what’s next for that plugin. If you ever need any help with it, I’d be happy to pitch in, and thanks for your help with the Akismet plugin.

    Comment by Matt | October 26, 2005

  2. [...] It sounds like every comment on a blog is sent to a central server, checked to make sure it isn’t spam, and then either rejected or approved. The idea sounds really interesting and worth trying out, so I just installed it here. Combined with Bad Behavior (which is still needed according to its author), this should be very interesting to watch. [...]

    Pingback by Chris Gonyea » Blog Archive » Akismet - The Solution to Blog Spam? | October 26, 2005

  3. [...] Hmm. Probably something like SpamAssassin but for blog comments. According to Michael Hampton, it “entirely replace plugins such as wp-hashcash, Spam Karma 2, AuthImage, etc” so I guess they must have sampled some of those implementations. Further on, he mentioned that he has “integrating CJD’s Spam Nuker”. So we probably get some idea what kind of backend does it have. [...]

    Pingback by Akismet, centralised spam combating solution by Matt | FuCoder.com | October 26, 2005

  4. [...] Matt has announced Akismet – but the best overview at this point comes from Michael Hampton: Automattic Kismet. [...]

    Pingback by BrittaBlog » Blog Archive » Akismet - behold your spam crusher | October 26, 2005

  5. [...] Michael also contributed to a new anti-spam plugin called Akismet, which is being touted as the ultimate spam killer. While Akismet is very effective, it does not stop spam before it hits your website. Thus, Bad Behavior should be used as your first line of defense, and Akismet should be used as your second line of defense. He explains why both should be used in conjunction with each other on his WordPress.com blog. [...]

    Pingback by thehong.com » Blog Archive » WordPress and Spam | October 28, 2005

  6. [...] I just downloaded and installed the Akismet plugin on this here blog and it seems to work very well. It corrals suspected comment spam and then allows you to delete as many spam comments as you wish with the click of a button. One click to delete works for me! This sure is a comforting message, “You have no spam currently in the queue. Must be your lucky day. :)” Must be Akismet working some vooodoo. [...]

    Pingback by Halle’s Smooooth Words o’ Wisdom » Akismet plugin | October 28, 2005

  7. [...] Michael Hampton responds in the comments, and this post makes things clearer: Last week I told you all about Automattic Spam Stopper, thenew anti-spam solution for WordPress from Matt Mullenweg. There’s been some new news, and you’re going to hear it here first. [...]

    Pingback by Chad Dickerson’s blog » Blog Archive » Want Akismet? Then download Flock. Huh? | October 29, 2005

  8. Hi Michael,

    I haven’t laid my hands on Akismet because honestly I’m a bit afraid in case I run into spam.

    Additionally, I was a bit confused on why it needs a WP.com API key when I was using it on my personal blog.

    However, reading your good review, I think I shall give it a shot. But will I need to disable SK2 completely or can I have it running as third line of defence?

    Comment by Ajay | October 30, 2005

  9. Ajay, you must have missed this paragraph in the review:

    For most people running a personal WordPress blog, Akismet is the ideal second line of defense. It will entirely replace plugins such as wp-hashcash, Spam Karma 2, AuthImage, etc. In fact, it makes most other anti-spam plugins entirely redundant.

    You absolutely should disable Spam Karma. It’s redundant, after all. :)

    Comment by Michael Hampton | October 30, 2005

  10. Ok, was waiting for your reply. Will give it a shot.

    Was thinking more in the lines of downtime on the Akismet server and so SK2 taking over.

    Comment by Ajay | October 31, 2005

  11. [...] Owen ruminates on the future of WordPress’ upgrade documentation and why “simple” is never better when dealing with documentation. Bonnie discovers an article which puts an end to the poisoned Halloween candy myth. Michael Heilemann discusses Apple’s tribute to Rosa Parks. Brian lists a few Microsoft Office alternatives, and explains why “Microsoft Office is no more of a must buy than a giant pizza costume.” Khaled completes his Gallery section (more content will be added in due time). Michael Hampton ruminates on the new Akismet anti-spam plugin for WordPress and what the future holds for other anti-spam plugins. Orson ruminates on badly read audio books. Sarah discovers an improvement in her tone and intonation through the use of a single ear plug. Angsuman learns how to change the search engine that is used by Firefox’s location bar keyword search feature. And, Tom discusses a recent outlandish statement made by Forbes magazine. [...]

    Pingback by MacManX.com » Blogroll Dive: 10/31/05 | October 31, 2005

  12. That cleared up alot of things regarding Akismet, I was really wondering about installing it on my site. I have Bad Behavior running (great work there!) and SK2, and I rarely get a single spam. Really I see no reason removing SK2 until there is a real ensurance that Akismet will be as sufficient and much overpower it. I will probably try it out just for the sake of it but when you mentioned ‘Downtime’ I think everyone kinda went Oooh…

    Anyways great review, thanks :)

    Comment by Usayd | October 31, 2005

  13. Hm, I haven’t seen any downtime since Matt got the service moved to the new host. (Did you see his comment above?)

    Comment by Michael Hampton | October 31, 2005

  14. [...] nous avons peut-être écarté Bad Behaviour un peu hâtivement de l’armement anti-spam d’Almaren. Son auteur a présenté quelques arguments en faveur de son emploi en parallèle avec Akismet qui nous paraîssent dignes d’intérêt. Précisons qu’il a également participé au développement d’Akismet, mais qu’il continuera à développer Bad Behaviour également. cms Spam WordPress wordpress plugins // Used for showing and hiding user information in the comment form function ShowUtils() { document.getElementById(“authorinfo”).style.display = “”; document.getElementById(“showinfo”).style.display = “none”; document.getElementById(“hideinfo”).style.display = “”; } function HideUtils() { document.getElementById(“authorinfo”).style.display = “none”; document.getElementById(“showinfo”).style.display = “”; document.getElementById(“hideinfo”).style.display = “none”; } [...]

    Pingback by Bad Behaviour et Akismet, alliés naturels @ Almaren | November 8, 2005

  15. The best way to stop spam would be to spend some time in moderating the comments persoanlly rather than relying on any captchas. You can go to the other extreme of not allowing anyone to comment – but then the whole essence of sharing information is lost. At least Yahoo and MSN rewards the commentators with relevant backlinks, so that is a reward which many spammers like to go for.

    Comment by Tom in Cala Dor Palma de Mallorca | October 1, 2006


Sorry, the comment form is closed at this time.

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: