Blog Spams and WordPress

Today I just realised that WordPress does not actually delete the incoming comment/trackback, but instead obliviously inserts them into the database with "approved" field marked as "spam". Yes - every single comment, that has been categorised as spam, is still stored inside my WordPress database, even though I have never received any notification, nor is there a way to revert them back to legitimate comments. And I am backing all of them up when I run the mysqldump in cron jobs everyday!! Aargh!

And looking at the comments stored, my signal-noise ratio is current at 1:7.2. That's right, by the time you typed up a comment to reply to this meaningless blog entry, 7.2 comment spams are blocked by the WordPress comment blacklist, which by default looks at

  1. Whether comment/author/url/etc contains character reference (&#<number>;), which is an often-used tactic by the spammers.
  2. Whether any blacklist word matches.
  3. Whether the client is listed as an open proxy by

The combination works pretty good so far, as I rarely receive comment spams. has a SNR of 1:14.9, but it still suffered badly as I have to manually update its blacklist everyday to catch the latest spam words. I guess MT is just more heavily attacked.