Some antispam feature requests
 

Here's a couple of ideas from the wordpress Stop Spammers Plugin that could & should be implemented in some of the spam blocking plugins here.

*Block with missing or invalid HTTP_REFERER: Blocks users who send form data, but the HTTP_REFERER does not match your domain.

*Check for missing HTTP_USER_AGENT: Browsers always include a user agent string when they access a site. A missing user agent is usually a spammer using poorly written software or a leach who is stealing the pages from your site.

*Check session for quick responses (disabled if caching is active): Checks that the spammer is allowed to use a PHP session. If not, it denies the comment. The plugin puts a timer in the session and if the user fills the form in less than 6 seconds it is too quick to be human. (Stops the most spammers of all the methods listed here.)

*Use a Red Herring form: Places a fake comment form on web pages to trap spammers. If they bite, their IP address is added to the bad cache. Normal users should not be able to see the Red Herring form. Check your theme after enabling this feature to make sure that it does not alter your blog's presentation. (Very very good way to stop spammers.)

*Blacklist login attempts using 'admin' userid: When a spammer starts hitting the login page with a userid of 'admin' and there is no 'admin' user then it is a spammer trying to figure your password. Black list immediately. This only works if you have do not have the user 'admin'. It is dangerous to have a user name 'admin'.

There are several mods that check for the registration form being filled in too quickly. (the one I made is here: https://vborg.vbsupport.ru/showthread.php?t=294633) . It uses a hidden form field (I don't know if I understand the PHP session thing, but maybe it's another way to do the same thing).

That was only a few of the options I found interesting from that mod that I highlighted. Here's a good bit more that the mod offers.