No, I didn't need to use a third-party add-on like MT-Blacklist or one of the bayesian filtering sytems. In fact all that was required was to relocate a single URL. This was based on the assumption that spammers are not intelligent, and will use the simplest method that produces the largest volume of spam. Initially I suspected that the comment-spammers had written their own bots capable of crawling the web and recognising common signs of a particular blog engine. After all, identifying Movabletype blogs with comments enabled is easy, they all contain links to the mt-comments.cgi script. Further, these links contain everything necessary to programatically send spam. But spammers don't need to build their own crawlers. According to the assumption, spammers aren't smart enough and wouldn't know how to do it anyway. Unfortunately, there is a much simpler alternative. Spammers dont need to crawl the web, Google already does it for them. See here for example. That's a useful list of mt-comments.cgi entry points to my blog. As a bonus, Google is nice enough to sort via date and PageRank. This a pot of gold for spammers. What may be suprising about the results linked above is that Google provides URLs but no corresponding content excerpt. This is a trait of my particular blog where I have configured robots.txt to prevent the indexing of comment content (that way any spam that did get through didn't really recieve any benefit from doing so). Unfortunately while this allows me to prevent content indexing, the same isn't possible for the URLs. But the solution is obvious: rename mt-comments.cgi. At the moment that's all I've done, and I haven't recieved any spam in a month or so (down from over 100 a day). Of course I'm still reciving hits to mt-comments.cgi, but that's going to continue until Google expires the old pages.