For some strange reason, when some people post comments to my blog using their livejournal OpenID (jenniferm and ptomblin_lj, for instance), SpamKarma2 complains that their posts are missing the “payload”, which is a hidden input field with a cryptographic hash of some of the other values in the form. But others can post without this problem. I look at the page source before I post, and I can see the payload is there, so something is stripping it. I have no idea if this is some sort of interaction with Akismet or a bug in OpenID or what.
So far I’m not impressed with Akismet. Ever since I’ve installed it I’ve seen an increase in false positives. I’m going to try to disable it and see if the OpenID commenting problem goes away.
Update: Disabling Aksimet didn’t help. Must be the OpenID plugin.
I just wanted to see if mine worked…
I got a different error when I used my OpenID:
Sorry, but your comment has been flagged by the spam filter running on this blog: this might be an error, in which case all apologies. Your comment will be presented to the blog admin who will be able to restore it immediately.
You may want to contact the blog admin via e-mail to notify him.
Something to keep in mind: not everyone in your previous test post was really using OpenID. For example, I don’t think Vicki’s comments were really authenticated through OpenID—notice that her username doesn’t show up as oddprofessor@livejournal. This happens because she either has a cookie set that WP reads and uses to fill in the name, email, and URI OR the web browser is filling in the form field on its own. So, WP sees that there is information in the “normal” comment information fields and does not use the OpenID information at all.
So, it may be that ALL comments signed with OpenID are being flagged as spam.
I broke the comment form on redjen.net; I’ll fix it when I have time and let you know if the behavior is the same or different for me.
If I’m reading the source code for these things correctly, it appears that OpenID works by doing an HTML GET on the openID server which passes in various parameters along with its own URL, and the OpenID server does a GET with those parameters back to the original site. If that’s correct, the reason SpamKarma2 is missing the payload is that those extra input fields aren’t being passed to the OpenID server to be passed back. I’m going to do an experiment in a little while with a “foreach ($_POST” to get all the extra input fields and put them in the array of data being sent to the OpenID server.