Mark Pilgrim's discussion of how to stop spam in comments is very interesting. I don't have an answer for it, but I think it also brings up another important issue related to comments: persistent identity across sites. I think there are a couple of types of people who post comments. Some people have a carefully constructed Internet identity that is linked to their real-world identity. They care about how they are perceived on the Web because it affects their real-world lives. Others post anonymously with pseudonyms, and they don't care how that username is perceived because it isn't linked to their real-world life. I think there's a place for both types of posters, and the level of identity-revelation should be voluntary. I think this difference causes friction though, and it could get worse...especially as it relates to persistence.
How do I know that "WackyD00d" posting on site A is the same real-world person behind "WackyD00d" posting on site B? Especially when current weblog comment systems allow the user to put anything they want into the name, URL, and email fields. How would the real person behind "WackyD00d" posting on site A police the use of his/her online identity on a site they don't control? Abuse could hinder discussion. It doesn't seem to matter if everyone is posting anonymously, but when real-world reputations are on the line it could be problematic. For weblogs to be taken seriously as a place for discussion, I think this problem needs to be addressed.
Requiring a login with email verification could provide some protection, but you run into the problem of putting up a barrier to conversation...especially if you have to register on every site that you'd like to participate in. I think some sort of central "Identity Bank" that generates a PGP-style key that could be included with comments across sites could work. It would be a barrier (though lower than a login), and there are some privacy concerns. (I wouldn't trust my info with Passport/Microsoft, for example.) But somehow offering that option to people who care about their online-offline identity link could help. And I think it could be done like PGP, where no one company has the keys to everyone's ID. Maybe it could even be done with PGP somehow.
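
The key-with-every-comment idea above, sketched as an added example that is not part of the original post: it swaps Ed25519 from Go's standard library in for PGP, and the `Comment` fields, function names and `.example` site names are all assumptions. The signature covers the site name too, so a signed comment lifted from site A does not verify when pasted onto site B, and the free-text name field is never what identifies the poster.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
)

// Comment is a hypothetical signed weblog comment; the field names are assumptions.
type Comment struct {
	Site, Name, Body string
	PubKey           ed25519.PublicKey
	Sig              []byte
}

// NewKey generates a poster's private key (nil selects crypto/rand; error ignored for brevity).
func NewKey() ed25519.PrivateKey {
	_, priv, _ := ed25519.GenerateKey(nil)
	return priv
}

// payload length-prefixes each field and includes the site the comment is meant for.
func payload(c Comment) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(c.Site), c.Site, len(c.Name), c.Name, len(c.Body), c.Body))
}

// Sign builds a comment for one site and signs it with the poster's key.
func Sign(priv ed25519.PrivateKey, site, name, body string) Comment {
	c := Comment{Site: site, Name: name, Body: body, PubKey: priv.Public().(ed25519.PublicKey)}
	c.Sig = ed25519.Sign(priv, payload(c))
	return c
}

// Verify is what the displaying site runs before showing the comment's key ID.
func Verify(c Comment, displayedOn string) bool {
	return c.Site == displayedOn && len(c.PubKey) == ed25519.PublicKeySize &&
		ed25519.Verify(c.PubKey, payload(c), c.Sig)
}

// KeyID is the hex public key readers compare across sites; Name is not trusted.
func KeyID(c Comment) string {
	return hex.EncodeToString(c.PubKey)
}

func main() {
	a := Sign(NewKey(), "site-a.example", "WackyD00d", "hi")
	b := Sign(NewKey(), "site-b.example", "WackyD00d", "hi")
	fmt.Println(Verify(a, "site-a.example"), Verify(a, "site-b.example"), KeyID(a) == KeyID(b))
}
```

An impostor can still sign a comment under the same name with a key of their own, and that signature will verify; what they cannot produce is a comment carrying the original poster's key ID.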