Fighting wikispam:
STEP 1: Use <rel="nofollow"> on external links
STEP 2: Don't use it on internal links
STEP 3: Have no redirect mechanism to be exploited (a bad idea even though it doesn't increase the spammer's PageRank)
STEP 4: Use capchtas, and time-limits as with blogspam. Greylisting is far harder here but maybe still possible.

As a matter of fact, spammers have already gotten around all 3 of the ways I talked about preventing blogspam. Captchas? Redistribute the captcha image in near real-time to sites with, err, compelling content to obtain the plaintext version. Time-limits? Just use your friendly local botnet! Greylisting? This one is ingenious, the spam they send out to counter spam filters is so hilarious and elaborately crafted it's probably worth reading... However, taking this trouble is expensive, especially with the nofollow attribute, so it certainly helps.

NOTE: neither these steps, nor the ones I posted earlier for blogspam, will prevent TROLLS. They only prevent (most) spamming.

David Ornstein and the flexwiki community (http://www.flexwiki.com) are coming up with similar "defense in depth" mechanisms against wiki spam. One that they've added to BeardedGeek's list above is:

STEP 5: match all submitted URLs against a blacklist of banned URL-fragments.

The blacklist is maintained by the site administrators (and any wiki users who they trust). This has been successful so far because the wiki-spammers seem to be operating alone, and each one just submits the same links over and over again.

It's funny to me that after to total perversion of email people who actually design an open system and then complain when it gets used for the wrong purpose. Have you even seen blatant automated forum spam? No, because basic security forces the issue.

It's just stupid to think that you have a right to complain about a comment posted on a form like this, when the intent of the form is to accept public anonymous comments. The same goes for a Wiki.

Seriously, if you put your credit card numbers on this website, would you be supprised with someone started buying things with the number?

Instead of trying to figure out 'thier busienss model', why don't you try to figure out content filters that only allow content you like, which is clearly the real issue.

This is about selective content publishing. I'm done ranting now. ;)

Sorry Paul, but uh, I can complain if someone stuffs my physical mailbox at home with junk mail, so I can complain about spammers.

John: Yes, you can complain. However, if you don't implement widely-available, relatively low footprint (certainly parallelizable) solutions despite your company supposedly being 'security-conscious' it makes it look either incompetent or hypocritical or both.

I guess we're talking about the difference between complaining and whining. I can complain if my apartment gets broken into, but I should do something about it. If I don't make an effort to secure my place (or move), I'm just whining.

In this case I'm complaining. I am curious how long before I get Spam without making any effort to secure my comments section. Once I do get Spam, I promise I will act.

I must say, my criticism may well be unfounded... It seems you have been rather successful so far, I wouldn't be surprised if there isn't already some back-end blacklisting going on...

Would you (or anyone else out there!) be interested in sharing more about the blogs.msdn.com infrastructure/design/management? I'm sure it would prove very insightful.