My new blog anti-spam defences seem to be holding up well.
The current configuration starts with MT-Blacklist, which blocks more than 95% of the comment and trackback spam by checking for blacklisted strings in the various fields of the incoming data.
The little bit of spam that makes it through is then funnelled into SpamLookup, which does some advanced extra tests, including a check to see whether a trackback ping originates at the IP address of the blog claiming to be sending it and a dynamic check to see whether a comment is being sent via an open proxy. Clever stuff.
I also have MT-Moderate installed, which allows SpamLookup to also moderate trackback pings.
This combination of plug-ins is working very well. It could be that SpamLookup on its own can do the job and that I could simply disable MT-Blacklist at this point, but I haven’t felt inclined to try that out just yet. For now, I’m happy to see how many comments and pings get denied or just moderated.
It’s lamentably insane that this problem even exists, but since it does, as with e-mail spam, one simply has to have effective measures against it.