Create a list of banned hosts, check for them on every comment post, refuse to post comment...
Some spambots simply post like "Hey i like your site..." And then simply (ab)use the author-url.. Which might make sense since i don't expect search-engine crawlers to see a difference between an url in my "post content" and an url in the "author div".
So check the author url...it's already done on my own blog.
Some are smart enough to wait a while.. But they do come back, day after day
True, but the key word in both your quotes is "some". The majority don't care about such deliberate measures, they're out to get 1 in every 1000 or more comments actually onto a blog which either isn't fully filtered or misses their comment as being spam.
In my experience they do re-use IPs from the same netblock. And too bad for open proxies, they're unwelcome.
The problem here is the last time I blocked open proxies I got 6 emails inside a day from legitimate users who thought comments has been disabled or were broken. I think of it like blocking IPs - you end up alienating legitimate users. Which is also why I refuse to ever use CAPTCHAs on anything...fullstop - there is at least two people who are blind who read my blog that I know of.
Speaking from personal experience (and not even remotely saying it reflects anyone elses, or even reality for that matter

), spammers are unimaginative folk. They re-use the same or similar tactics and messages over and over again. Some inevitably find a way past filters, but usually its a simple matter to adapt filters, or at least get the most suspicious comments listed for review. I get maybe 200-1500 spam attempts during a week - last weekend saw a massive torrent of 850 for example - and only had 3 potential spams make it through. 2 were listed for review, and the 3rd appeared to be nothing but a "I like your blog." linking to Google of all places...
Do Google spam blogs?
