When I thought about a better way to tell legitimate users from evil-doing spammers, I came up with [Secret Tags][st].
Today I have two up and running Secret Tag implementations. Both work very well, and I am here to demonstrate this.
From Jan 25th until today there were 312 attempts to spam WWWorker. 40% of these, 125 in numbers, where blocked because of a missing Secret Tag in the form data. The other 60% were sorted out by MT-Blacklist.
For many spam attempts blocked by MT Blacklist a second attempt from the same IP and only seconds after the first got blocked because of a missing Secret Tag. Looks like the spammer had two different comment texts, one with already blacklisted content and a second with content not yet blacklisted text. Fortunatly Secret Tags were there to get rid of this new spam.
One thing my Anti-Spam Tactics is missing. It does not share data between the blacklist and Secret Tags. We need to insert content of comments blocked via Secret Tags into the blacklist. This way we could be sure to be able to block even more spam using only one system.
Conclusions?
* Secret Tag do work in the specified way: Block spam without harming legitimate users.
* Never rely on only one system. Always use two or three systems that work independently and overlapping, but not in exactly the same way.
* Share data between your systems where appropriate.
* Harming your legitimate users with [nofollow][nfn] is not necessary.
[st]: http://www.itst.org/web/269-secret_tags_an_alternative.shtml
[nfn]: http://www.itst.org/nonofollow/