A couple of notes about my recent comment spam experiences:
MT 3.2 continues to have the same pros and cons as before. Cons: It attracts a lot more comment spam than my old journal. Pros: Its spam-filtering and spam management systems are way better than my homebrewed one.
For example, today I got ten spam comments from the same source in a short period, at which point MT noticed that they were coming too fast and blocked that IP address. (You can specify the threshold for how many comments in a given brief period counts as too many.) As for the ones that did get posted (before MT banned the IP address), it was easy to look at the list of comments, check the checkboxes next to the spam comments, and click the "Junk" button to remove them from the site. (Though it took an unfortunately long time for MT to process that action; one of the cons of MT is that certain actions, including marking comments as spam, cause the site to "rebuild," which is very slow.)
I've generally been getting about 6-8 pieces of comment spam per hour since I switched to MT. Over the past three days, it's averaged more like 12 an hour; a couple of spammers sent me hundreds of pieces of spam apiece. The great thing is that (as with most of the comment spam I get these days) MT detected that they were spam and silently set them aside for me to look at at my leisure; it didn't even send me email about them. I didn't know they were there 'til I went and looked.
Which might not be so great, except that so far I don't think it's had a single false positive. There's been some spam that got past the filter, but I don't think the system has marked any legitimate comments as spam.
In fact, the filter is so accurate that I'm considering not even looking at the list of comments marked as spam any more. The system is set to auto-delete junked comments after a certain number of days; I may just let it do its thing. and trust that if someone tries to post a legitimate comment and it gets marked as spam, they'll drop me a note in email to ask me to restore the comment before the auto-delete kicks in.
Sadly, a fair number of spam comments do get through the filter. (Probably on the order of 5-10 a day.) Fortunately, MT's comment-management system makes it easy to delete them (as described above), and MT's spam-management system makes it fairly quick and easy to add words to the spam-detection filter so that particular spam message won't get through the filters again. (Though it would be nice if that were slightly quicker and easier.)
The comment spam I really don't understand is the spam that consists of one vague sentence of content, with no URL or email address attached. What does the spammer hope to gain by doing that? It's hard for the system to figure out that that's spam, but getting it past the filter doesn't get the spammer anything that I can see. Is it just pure vandalism for its own sake? Or maybe it's meant to be referrer-log spam, so that their IP address would show up in my referrer log if I published that log? But that would happen just by visiting my pages; they don't have to actually post a comment for that. Mystifying.