You've seen SixApart's Guide to Combatting [sic] Comment Spam?

Did you know the Apache guys are scheming up a BlogSpamAssassin? It's just discussion on a wiki now, but they got links to "proof of concept" stuff. This guy has already written an MT-SpamAssassin plugin...don't ask me if it works, but he's running MT 3.121. And they pointed to a WordPress plug-in I need to look over (I've gotten real comfortable with PHP recently) which has an interesting approach--adding a Javascript function to compute an m5 hash to the comment form.

Taking Matt's stopgap spam solution, which sends precomputed hashes to be echoed back by the user-agent's form, I've added dynamic generation of the md5 hash. Rather than write it to a hidden field, we wait until the form is submitted to compute the hash. This prevents spammers from automatically scraping the form, because anyone wanting to submit a comment *must* execute the javascript md5.

I've seen the equivalent of the "stopgap spam solution" before.

And I'm watching an anti-spam discussion on the Drupal.org forum. At the moment I don't have a big spam problem...there was a spammer targeting Drupal installations but it seems automatically closing the comments handled that clown.