random($foo)

Neal Krawertz (hmm, some interesting recent presentations) has recently written two pretty good summary overviews of anti-spam solutions:

• Anti-Spam Solutions and Security
• Anti-Spam Solutions and Security, Part 2

Good comments:

• Don’t forget SMTP+AUTH – SMTP+AUTH is great if you don’t have a VPN/stunnel, also interesting is the comment below about blocking entire countries/netblocks, although blocking entire ranges on one spam seems… err, asking for losing lots of mail
• Good old fashioned riddles – interesting way to keep a form-mailer from being used for spam; combine w/ honeypots/blackholers and you have something that can be used for comment spam blocking
• Re:Proof? – good points on how to aggregate IPs for blacklisting based on C/R failures
• Having experience, I can answer 1.2.1 – good points on C/R systems
• most effective – unfortunately, the most effective way is RBL blacklisting