as for user registration Spam management, if you want to take a further step:
this is my setup:
Moderate registrations when this many warning flags are detected: what his means if a minimum of 1 flag is hit EG: email, username, ip address the user is sent to the moderation list on your forum. if you did 2 flags that would mean users email + username would have to be blacklisted on the DB for it to be sent to your forums moderation list.
Reject registrations when this many warning flags are detected: mine is set to 2, so if a user with an email & ip address is trying to register on your forum and that user users a blacklisted email from an blacklisted IP his registration will be rejected wont be able to even register on your forum.
Only count flags recorded within the last X days: i have it set to 31 days (1 month) meaning, that flags are only valid up to 1 month anything older then that doesnt count. if you had it set to infinite, that would be bad as that could result in a large number of false positives and real users wont be able to register then either.
Only count flags recorded at least this many times: i have it set to 3, now this is to help reduce false positives so real users don't get blocked. what this does is a known spammer from the DB needs to be recored as a spammer at least 3 times before any of the above flags take effect. so if a user with bad email & bad IP address tries to register but only has been caught as a bad spammer only 2 times. they will still be allowed to register on your forums. this option is optional but its best to have this set.
Manually approve registration if user shares IP used by a banned user in last X days: mines set to 14 days (2 weeks)
what this does is, if a user got banned on your forum the IP address os recored from that banned user. and say 4 days pass and a new user tries to register but using that same ip address that the banned user used it will be sent to the moderation Queue on your forums instead. but if they try to register after 2 weeks, the registration will go through since its past the x days limit.
Registration Timer (seconds): mine set to 10 seconds, this is to stop bots from auto registering or help reduce, it takes a min of 10 seconds before they can press the submit button. think about how long would it take you to register on your own site? filling in username, password, email etc...
Enable CAPTCHA for Guests: used on registration page, Use reCAPTCHA (No CAPTCHA) much better then default CAPTCHA, it uses the google one you have seen everywhere the one with the tick and sometimes turns into select these images etc..
you need to register here:
http://www.google.com/recaptcha
and get your own Keys for it to work.
with this all setup i barely get any spam at all + i have double post merge as well from a plugin what his does if normal fully registered users try to spam all there posts are merged into 1 post so they have to wait after a set time before new post is considered a new post. this is to stop users from cheating their up in increasing their post count.
when i refer to DB i mean by Project Honey Pot, StopForumSpam DB's
