Well, it turns out that the CAPCHAs are not quite a complete solution to spam. They have throttled the spam-stream back to only three since I put the CAPCHAs in place, mind you, so I'm not complaining. But it is interesting how the spam has changed in response.
One of the spam was just huge, and full of random text and naughty URLs. I guess the spammers decided that if they were going to pay the cost of having a human solve my CAPCHA, they were going to cram as much spam in as possible. But the other two spams are more interesting. They are almost identical, so I'll only post one:
This page was indexed by Google and added to blogs search 14 Feb 2009 13:23:44 GMT.
Google cache: http://google.com/search?q=cache:http://www.jonathanherzog.com/blog/2009/12 /lovely-spam&ei=AFQjCNHajN_OX0kgxzx7UGA1yBfsEX VIds
Webroot informer.
The clever thing about this spam is that it's mostly true. The page in question (which was a post about spam, ironically) really was cached by Google around that time. (Two days before, but who's counting?) And furthermore, that URL really is the URL to the cached page... mostly. That is, most of that URL points to the Google cache. The last eight characters, on the other hand, are actually a different link, pointing someplace less savory. (I've changed it to point back to this website. If I'm going to boost anyone's rankings, it will damn well be my own.)
It doesn't survive a close inspection, or even a closer look. But if I were busier and less attentive about the comments posted here, it may have slipped by me. And you have to give them credit: that's pretty damn clever.