Matt is right: captchas are irrelevant, and you’ll just push the spammers to TrackBack spam. I started seeing TrackBack spam yesterday, and it’s now getting nuts.
I’ve been using a combination of Kitten’s Spam Words, the Open Proxy Comment Checker, and Dougal’s TarPit for the last little while; it’s been effective, but not as much as I’d like. Per Matt’s recommendation, I’m giving Mark Ghosh’s Three Strikes a try on GFMorris.com, Kitten’s Spaminator a whirl here on IJSM.org, and Dr. Dave’s Spam Karma a try on GFMorris.org. Running multiple WP installs that are getting attacked by comment spam gives me an opportunity to evaluate the efficacy of each. They get spammed in the general volume ratio of GFMorris.com > IJSM.org > GFMorris.org, and that’ll have to be evaluated. I’m not going to do this quantitatively; I only wish that I had that kind of free time.
Frankly, I wish that we weren’t really deleting the comments out of the database, but rather flipping a flag that says, “This won’t appear in the WP system anywhere, but the data is still there so that we can continue to learn from the spammers.” That would be a great little bit to flip, don’t you think? Storage is relatively cheap. [I may be in the minority in this thinking, but I also have my own box and don't have storage concerns.]
I will leave the RMFO-Blogs About log with my status quo antebellum trifecta of plugins as a control. It sees about the same amount of spam activity as GFMorris.org does.
Update: The more I read about Spam Karma, the more I liked it. Beacuse of a need to support my RMFO-Blogs users, I’m using it and nothing else on the About log. Should be interesting to see how that goes.