IMHO: A little development time should be spent putting some anti-spam measures into the default distribution of WPMU.
And by a little, I mean a lot. Mostly where the sign up page is concerned. A captcha plugin that requires installation, and doesn't really work as advertised; that requires GD libraries to be installed and configured, well, that doesn't really cut it. My point is that there should be some protection by default, anything - just something that less technically inclined users could manage. I'll tell you why in a minute.
Spammers out there are having a field day with WPMU and it is the number one reason why I didn't want to use it at all. So long as it's easy for them to spam, they'll continue to target this package. Not everyone who runs it has the technical aptitude to challenge the spammers in a meaningful way. This is a big problem.
Before getting into this I had developed my own WPMU type site with WP as the basis. I finally figured that it would be better for me to adopt this package and spend my time developing for the community rather than for myself. My own strong beliefs in the FOSS ideals played a big part in that decision. However, my pro-con list to determine which package I would use and contribute to was extensive and developed over a four month period. Even with all the other pro's, one thing about WPMU still nags at me, "Unsubstantial anti-spam measures".
This thing (WPMU) is a nightmare to manage where spam is concerned. One exception: Akismet. It is available for personal use only on WP blogs. The other end of that, and where WPMU is targeted, there exists the option to purchase a commercial license.
Doesn't this create a conflict of interest? I mean, why would you bother trying to lock down this "free" software against spammers when doing so would counter the necessity for a paid anti-spam service such as Akismet? See what I mean?
It's a nagging conflict of interest.
If every default installation of WPMU shipped with anti-spam measures (Such as gatekeeper, captcha, bad behavior, spam karma, etc ), paying for Akismet might not be such an appealing option for commercial site owners. It's a conflict.
Let me back track for a moment. My point about "less technically inclined users" is simple. There are people who get into this thinking it would be interesting to host a site for their friends or church group, what-have-you, and then discovering that the reality is something they are simply not prepared to deal with, technically. They exist. Those hobbyists who do this for their friends, for example. They may know enough to get WAMP running and get pages served, but nothing about installing LAMP w/ GDlibs or reprogramming templates to get a captcha working on their wp-signup.php page.
Heck, there are users of WP who can't even handle the requirements of something as simple as SK2 (Spam Karma 2).
I'm sure there are people who don't know how to use their .htaccess to ban suspect IP addresses or how to plug that list into other blacklist servers (aside from Akismet, which exist and are out there). Heck, I'm sure they don't even know about robots.txt (not much good against spammers, but still, it's a part of my point).
I've visited the wpmudev.org site. It looks promising. But my question is, why doesn't WPMU ship with anti-spam measures by default?
So long as users are left unequipped spammers will continue to target WPMU installations. This only propagates the problem. It only makes things worse. If the choice is to include anti-spam in teh default package or ban newbies from using WPMU, I think the choice is clear.
Akismet is a good idea, but the marketing leaves some distaste in my mouth when nothing is being done to help prevent the problem with default distributions of WPMU. When the only option provided is a paid service, well... maybe newbies should be paying. IMHO: that goes against the spirit of free and open source software.
That creates a conflict of interest.
So... how about making the default distribution of WPMU a little harder to spam?