I get a fair amount of spam on this site; less than most, but significant enough to be a problem. Most of it is trackback spam which, by design, isn’t an easy thing to combat, but Drupal does a decent job of things.
Comment spam, on the other hand, has been giving me a headache or two, and not in the way that you think. You see, Drupal does catch most if not all of it, but it also overzealously picks up real people’s comments (and as you can no doubt see, I have far too few of those as it is!), just like my last CMS, Pivot.
Like in Pivot, I’ve decided to implement Captchas, which basically means that you’ll have to answer a silly question at the end of the page before submitting your comment, in order to prove that you’re a human (and then hopefully the spam filter won’t eat up your message until I find it in the approval queue a day later).
Thanks to the Captcha Pack module these questions are quite varied. I haven’t used the most common image captchas (like you’d find on a blogspot page, for instance) because I don’t particularly care for them, and prefer the text questions instead.
I sometimes worry that some of the math questions might be a little too much for some people… But, then I ask myself, “Do I want those kinds of people commenting anyway?”