No problem CoreSet. Look at it this way. You will learn something. Oh, and have a kill-switch readdy if Murphy comes (disable comments, non auto approve, something like that). @stevekemp also has a valid point in another comment of his. If you write your own functionality, you store the comments. If you use 3rd party app, they store your comments. This can be the tipping point for some people.

How the spammers work. Really short and banal explanation: - dear program, find wordpress blogs (in a certain niche, or any blog - I am not picky today) - footprint of the day will be "powered by wordpress"

- thanks for the list, now check each url if that blog has a form for comments enabled

- great, now, because you were programmed to know which inputs (name, e-mail, content) (and with what names/IDs) needed to be filled, use my predefined texts and submit

- oh, and if you see a capcha, would you be so kind to OCR it and fill the right text there also? thanks

- check after one hour if the comment is visible (yes? woohoo - we found an auto-approve blog! - no? ok, check in one week)

Hmm, that gave me an idea for a honeypot webpage. One single page with footprints of many blogs and forums, some forms on it and IP logger. Every IP that would like to submit anything on this page, goes to the sh.tlist.