The last week or so I've been getting slammed by "Nice site" blog comment spam that just wants a link to some dubious Web site. I'd turned on "approval for everyone" but that just means that it doesn't show up on the site--I still have to delete it and it got to be a pain.
In an effort to fight spam while keeping my site as open to feedback as possible, I've added a CAPTCHA to the comment page. The package I'm using is SCode (Movable Type). It's not too sophisticated, but it works and I imagine it will ward off the big offenders for now.
The hardest part of installing it was getting the GD Library built. It's got 4 or 5 dependencies and then I had a few other problems which were the result of stupidity on my part (using an older version of the library I had lying around). After that, it was as easy as installing and configuring most MT plugins.
As I was working on this, I began to think of a CAPTCHA as a very broad form of authentication--in this case letting people broadly identify themselves as "human." That's all I care about and so making people log in would be asking for too much specificity in their identity parameters.
Feel free to try it out.