Just turn off the facility for signatures or use the limit url and signatures plugin, I see you are using some good plugins already. I would also make signatures for subscribers only or members that have PM'd you a request.Darwin,
Yep - we have the stopforumspam plugin - sent someone there this morning btw that got through That, and the keycaptcha seem to stop most of the bots..
We are still using the plugin for PMs/links also. I'm usually finding the spammers like to load up their sig and their 'homepage'.. so a search through the db finds probably 95% of them..
You will always get the ones that get through but the more you can divert away the better. There is also a way of blocking whole countries where a lot of spam comes from with your .htaccess, what you should also do is make your .htaccess inaccessible from attacks with a deny script.