I run two obscure blogs on Movable Type. Finally fed up with comment spam, I decided to try to fight back, and I posted about it. I've been punished for the past 48 hours. Now that things seem to be back to normal, I hesitate to rock the boat by describing my experience, but hopefully others may profit by my mistakes. Hence, the following observations. Forgive me if they are all too obvious:
1. Tweets and pings invite spammers. That doesn't mean one shouldn't use them, just beware the consequences.
2. Closing anonymous comments and requiring registration does not work. The spambots seem to have every form of authentication gamed from Google to Facebook to OpenID. Movable Type's native registration process is the worst, since no one else is monitoring it, but they all seem to be pretty useless as a means of curtailing spam. It's better to allow anonymous comments and fight the spam than it is to try to keep the spammers off the site.
3. A verbal captcha in the form of a question that requires a response seems to have some effect.
4. Wordpress.com runs Akismet, a paid spam filtering database. Movable Type has a plugin that supports it. I am still assessing how effective it is, but it seemed to be worth the modest $36 investment.
5. The problem is overwhelming, so don't be surprised if it takes work to deal with it. Current spam count on my system is 19822.
6. The only reason for this relentless spamming that I can think of is Search Engine Optimization: spamming obscure sites to increase one's Google page rank. Hopefully, one can at least deny the spammers that. Unless, of course, they simply act out of motiveless malignancy.