Online spam is the old annoyance of unsolicited mail, writ large and filling digital inboxes worldwide. Initially limited to email, it quickly became a blog issue: blog comment forms allow anyone to enter data, and any opportunity for data entry is a doorway for spam. WordPress, like every other blogging platform, is susceptible. Developers were working on anti-spam solutions as early as 2005, with plugins like Spam Karma and Bad Behavior.
Matt was also working on an anti-spam solution. His first attempt was a JavaScript-based plugin that modified the comment form to hide fields. Spammers downloaded it, picked it apart, and learned to bypass it within hours of launch. This is a common pitfall for anti-spam plugins; any widely adopted plugin quickly attracts spammer attention, and a workaround soon follows. Regrouping, he tried a new tactic: crowd-sourced spam reporting. In late 2005 Matt launched the Akismet plugin for WordPress. Akismet — short for “Automattic kismet” — used the power of the community to create a plugin that evolved alongside spammer tactics.
Each time someone comments on a website running Akismet, Akismet checks the comment against all the spam in its database. If the comment is identified as spam, it’s deleted. When spam comments inevitably get through, a site owner can mark them as spam to remove them and add them to the database. This means that as all the site owners using Akismet report spam, the pool of spam comments in the database grows, making Akismet more and more effective over time. “It’s like all the kids on the playground ganging up against a bully,” says Matt. “Collectively we all have the data and the information to stop spammers, certainly before they’re able to have a big impact.”
In November 2005, the wp-hackers mailing list discussed plugins to bundle with WordPress core, and an anti-spam solution topped the wish list. Akismet came up, though not everyone was comfortable using a plugin with a commercial element; Akismet is only free for non-commercial use. (Payment is based on an honor system that asks commercial users to self-report.) Some questioned Akismet’s data collection and storage methods. Akismet had one other significant shortcoming: it required a WordPress.com account, and WordPress.com hadn’t officially launched. Using Akismet meant using WordPress.com, which meant finagling an invitation or downloading the Flock browser.
Despite the pushback, there was an equal amount of support. Some didn’t find the pay-what-you-want system jarring, arguing that Akismet has server costs to cover. When WordPress 2.0 beta came out that month, it was bundled with Akismet. WordPress.com opened to the public two days later, making both services available to anyone.
Concerns about a money-making plugin shipping with WordPress continue. Discussions about Akismet surface perennially in the community, including among core developers and at core team meetups. “It seems an unfair advantage (for Automattic) and it cuts against WordPress’ goal of openness,” says Mark Jaquith (MarkJaquith). “That being said, spam is still a huge problem and Akismet is still the leading product, even though there are now alternatives.”
The public nature of WordPress development makes it difficult to develop a widely adopted anti-spam tool. Dealing with spam via a service means that the plugin code itself can be open source, while the algorithms for identifying spam remain private. While there are often discussions about recommending a selection of anti-spam options rather than bundling Akismet with WordPress core, this isn’t yet viable. “The moment we recommend five plugins,” says Andrew Nacin (nacin), “the spammers will all target the other four that don’t have the ability to evolve and learn like Akismet does.”
The problem of spam highlights the challenging intersection between business and free software: including a freemium plugin with WordPress doesn’t gel with the software’s openness goals, but removing it would have a detrimental effect on users, contravening the project’s user-first principles. Akismet is still bundled with core, and the debates continue.