If you are still continuing to get a lot of spam even after captcha is enabled I would recommend if you haven't already to submit a case on this ASAP. So we can have the team look into this problem further.
CAPTCHA is a start to beating back comment spam. Successful CAPTCHAs should present a difficult task (overlapping characters are the most difficult), draw from a large question space to keep questions unique/not easily gamed by spammers, and include a vast answer space and limit the use of dictionary words or multiple choice.
Unfortunately, according to a Newcastle University School of Computer Science study last year, the bad guys are staying ahead of the CAPTCHA curve and rendering the tool ineffective for user authentication. Plus, it takes a user about 2.3 attempts to pass a CAPTCHA while 25% of users leave the site from the moment they encounter a CAPTCHA.
For more popular sites, you may need a multi-layer defense to save you from time-intensive comment moderation. Consider multiple analytic dimensions such as URL link and context analysis (e.g. site's age, geography, inlinks/outlinks, frequency, and commonality assessed via previous examples to judge reputation) and fingerprinting (e.g. behavioral circumstances and the who/what/when/where/why to a comment) to enhance your social spam-fighting tool kit.
For full disclosure: I work for Impermium (www.impermium.com), which provides real-time, enterprise-grade content cleaning for websites and social networks like Tumblr and Pinterest.
Folk really need to read the forums, blog posts etc
Release notes can be found on the blog for the August release out next week:
Which will include:
Automatic SPAM control with Akismet
Recently we encountered a significant number of SPAM comments across Business Catalyst websites that have the blogs and forums features enabled, even with "Captcha" configured. As a result, we've decided to integrate Akismet, the defacto SPAM protection solution for comments in blogs. Starting with this release, the automatic SPAM moderation tool will be available for blogs, web apps, pages, announces, bookings. We're looking forward to extend the protection to other areas like Forums if necessary.
You can view some mockups of this feature here.
The guys are also looking at other improvements to implement later as well to stay on top of the spam bots.
That's great - I'd missed that one.
I look forwatds to adding the word [loans] to the blocked word list!