in reply to
Re: Battling form spam
in thread Battling form spam
A three-pronged attack is usually necessary for that.
First, force them to validate the login by supplying an email to which you'll send a validation URL. That will kill a lot of them, as spammers tend to sign up with mail addresses that are either totally bogus or someone else's.
Second, if you have a captcha on the confirmation page - or some other humanity test (i.e., which of these pictures is cute? with several randomly-named junk pictures and a kitten and checkboxes) - that will kill a lot of others.
Last, moderate them for the first few posts. As you say, almost all spammers are hit-and-run, and work off volume. If you make it hard for them, they'll just not bother.
The last and really sneaky alternative is to have a "spammer" flag. They can post, and the site reports to them that they have successfully posted, but you throw it away. They will waste time trying to post to your site, but will get nothing for it, and they'll get no hint that you are dropping their posts.