Lorelle has a hugely informative post about new tricks in comment spam swine are using, and how to defeat them. Check it out.
One additional point. The comment spam she mentions ‘seems’ normal but isn’t. In WordPress you can specify that anyone with a previously approved comment will automatically have their comment posted without going into the moderation queue. They are identified by the email address they give with the comment.
So, Mr. Comment Spam leaves a semi-normal sounding comment. You approve it. The email address given is now in the system as being approved. This opens the floodgates for more spam, because now any comment from that email address will be immediately posted.
I’m working on a blog conversion from Radio UserLand to WordPress. We’ll be using Akismet and can’t do moderation because this blog routinely gets thousands of comments a day. Were we to manually moderate comments, nothing else would get done.
Fortunately, Akismet is quite smart. It rarely makes mistakes. On my main blog, Politics in the Zeros, it’s missed two spams and had one false positive, and excellent record indeed.