We run the reCaptcha on our live site and it works perfectly!

Not only captcha but some other anti-spam protection should be (optionally) added.

The best i have found as fully effective is to allow a newbie to post after 24 or 48 hours. Spammers don't ever come back.

Again this could be enabled or disabled for "community" defenders.

users wont even come back aswell in many cases...

Well, personally i HATE ReCaptcha. I find it hard myself.

While it may keep out spammer-bots, it keeps out legitimate users also.

The nice thing about reCaptcha is it will 'speak' to you if you can't read it. But blocking users for 24-48 hours will honestly keep them out much more than 'reCaptcha' will. At least with a captcha program, the user can post immediately. Many times when I go to a forum I have to register on, it's so I can post IMMEDIATELY for whatever reason. Having to wait several days usually sends me somewhere else.

That is why i said to make it optional-configurable.

Yaf Already includes the akismet api, more info about that here [modalurl]http://akismet.com/[/modalurl].

But its currently not implemented as working solution for yaf, maybe it could been done in yaf 2.0

I absolutely agree on that. Unfortunately Captchas are not really safe anymore Spammers started paying people in third world countries to pay to solve the captchas.

The thing that stinks about akismet is it costs money -- for many sites that are not-for-profit, if they generate large amount of traffic you get hit with a fee from akismet. As for the captchas - agreed they're not 100% effective, but they still put a major hit on the spammers vs. not running anything at all 🙂

Yes, i almost forget about that, that makes it kind of useless. An alternative could be the Google Safe Browsing API  it checks the posted links against a white & blacklist.

Spammers always post links, the api help to block the complete posting.

I'll have to check that out for sure 🙂

After some testing with the google safe browsing API, i noticed it filter only phishing and malware sites as links. But all the Links posted by Spammers are not filtered.

http://blogspam.net/ 

I added it directly to yaf. Every Post is now checked for SPAM (Detection based on Post, IP, and Name) - Of course this can be turned off/on in the Host Settings.

Currently the messages containing spam are rejected, but i think suspending the user would be also a possibility.

Also i Added "Report as SPAM" Button to an Reported Message on the Report Messages Page - that sends the Message to the BlogSpam Service.

Have had a couple of spammers also after introducing reCAPTCHA. Not a cure, but maybe a little bit of help - that's my view of it...

Edit: That blogspam service looks promising - hope it will be implemented in a coming YAF release... [thumbup]

reCaptcha is not a panacea, but it works more effectively then YAF captcha. To protect yourself almost completely you should use a custom solution with at least 3 various protection levels.

I have just updated via SVN and it's already being included in the source, so I do think it will be in the next release --