How does that work ? I'm not a software man at all lol
Easy... i wrote some PHP lines that do this kind of thing for my company recently.
Spammers started to figure out how to use our contact form.
I set up a system where it would look for various 'red flags', or patterns that previous spammers had used.
If the system detected a certain amount of red flags, it would just not send the message, but it would log to a debug file.. just in case we had missed some legitimate customer contact.
Couple patterns i've seen on ES, just from the outside:
1) spammer signs up, makes 3-5 posts almost immediately.
2) If there is not a link in the message, there is nonsense in the message and a link in the signature.
3) If there is a link to the profile/signature, it probably consists of domain . extension & no link to a directory or html, php, jsp etc after that.
I would also bet there are repeat offender IP blocks that can just be straight up banned permanently.
Time between posts for a new user, and time between registration and first post are 2 big tipoffs.
There are probably other signs. Nowadays, spammers are quite sophisticated though, so you always have to stay 1 step ahead.
Back in the day when i administrated a bunch of mail servers, i could cut half the spam flow by just auto spam foldering words like 'viagra', 'v1agra', 'VlAGRA' ( with an lower case L instead of an I ), etc.
Luke's idea of more questions would help some.