Saturday, July 14, 2007
  Keep spammers away with Drupal

Today some dirty spammer created about 25 fake accounts on the site, no doubt in an attempt to post links to his Viagra sites. Since not a single one of these accounts was ever able to make any posts, I thought I would share my simple spam-fighting techniques.

One of the best spam-fighting techniques is built right into Drupal: email validation. Requiring email validation is what foils many spammers. In order to make posts they must validate their account by providing a valid email address, then clicking the validation link sent to that address. Since Drupal does not allow duplicate email addresses, it takes a lot of work for the spammer to create new email accounts. Most spammers don't bother and move on.

The other great way to avoid spammers in Drupal is using the Bad Behavior module. Bad Behavior stops most spammers, bots and other automated systems in their tracks. Note that if you use the LM_PayPal module for processing incoming PayPal payments you will either have to disable Bad Behavior, or make sure that all the PayPal servers are white-listed.

The last and most low-tech method for spotting spam and fake accounts is to watch your Drupal logs and bounced emails. If you see 50 new accounts created over a period of 1 minute, all with names like "Sue", "Ralph", "Sammy", "Paula", etc., you can be pretty sure they are fake. Watching bounced emails will also tip you off to fake accounts, as most spammers' email addresses are either fake or over quota.
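The log-and-bounce check described above can be automated. The following is an added example, not code from the original post or from Drupal; the `timestamp,username,email` line format, the function names and the sample data are constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample data: one registration per line (assumed export format).
LOG = """\
2007-07-14T09:00:00,alice,alice@example.org
2007-07-14T13:05:01,Sue,sue81@example.com
2007-07-14T13:05:09,Ralph,ralph22@example.com
2007-07-14T13:05:17,Sammy,sammy9@example.com
2007-07-14T13:05:30,Paula,paula4@example.com
2007-07-14T13:05:48,Greg,greg77@example.com
2007-07-14T18:40:00,bob,bob@example.net
"""
# Constructed sample: addresses whose validation mail bounced.
BOUNCED = {"sue81@example.com", "sammy9@example.com", "bob@example.net"}

def parse(line):
    """Parse one 'ISO-timestamp,username,email' line."""
    ts, name, email = line.strip().split(",")
    return datetime.fromisoformat(ts), name, email.lower()

def burst_accounts(rows, window=timedelta(minutes=1), threshold=50):
    """Usernames created as part of a burst: at least `threshold`
    sign-ups inside any sliding `window` (default: 50 in 1 minute)."""
    flagged, recent = set(), deque()
    for ts, name, _ in sorted(rows):
        recent.append((ts, name))
        # Drop sign-ups that fell out of the window ending at `ts`.
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            flagged.update(n for _, n in recent)
    return flagged

def triage(rows, bounced, **kw):
    """Combine both signals: accounts in a burst AND with a bounced
    address are almost certainly fake; the rest need a manual look."""
    burst = burst_accounts(rows, **kw)
    bounce = {name for _, name, email in rows if email in bounced}
    return {"both": burst & bounce,
            "burst_only": burst - bounce,
            "bounce_only": bounce - burst}

ROWS = [parse(line) for line in LOG.splitlines()]

if __name__ == "__main__":
    # Threshold lowered to 5 only because the sample is small.
    for bucket, names in triage(ROWS, BOUNCED, threshold=5).items():
        print(bucket, sorted(names))
```

An account that shows up only under `bounce_only` may simply be a real user with a mistyped address, so that bucket is for review rather than deletion.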

These very simple techniques have helped to keep the site 99.98% spam-free for 18 months.

