Akismet is one of the great wonders of the world, a centralized control against comment and trackback spam. For the most part it’s ’automattic’ (heh), and for most of us, completely free. But to use Akismet on your site, you need to register for an API key — a lot of people balk at having to do that.
Without ever thinking about it, I just did as all good sheeple do, and signed up. It wasn’t until (much) later I heard complaining about the evils of keys, and how it was going to destroy our way of life. There are more than a few people who just don’t understand why they need the API key for Akisment. I guess because I’ve heard this question and listened to the complaining about 84 brajillion times, I’ll point you to this from the Akismet FAQ:
Why do I need to register for WordPress.com to get a key?
Because it allows us to maintain a single registration system and better protect against abuse of the system. You don’t need to get a blog, choose the “just an account” option when signing up.
What stops the system from being gamed?
Well without giving too much of the secret sauce away, we can safely say that it would be pretty difficult to poison Akismet. We use dozens of factors to determine the spamminess of a submission, and we also have an identity attached to everyone using and contributing to the system, which allows us to do some interesting things with weighting and clustering activity.
In addition, I’ll add this (as a consumer and not an official source): the unique key makes it safer for you to use the service on your site. To explain, when you get comments, the Akismet plugin sends the data from your site to the service to do its magic. Because of the key, you’re encrypting the data both upstream and downstream (when you tell the Akismet server what got posted, and it tells your site what’s spam and what’s legitimate).
Encryption means that even if somebody intercepts the data, they can’t figure what it says. Email isn’t visible on your comment form, but it is when you get the email from your WordPress (or other system) instillation and Akismet. The key makes it difficult, if not impossible, to decrypt that data in a manner that would benefit any nefarious types.
