The most basic defence you can use is a captcha.
We currently use a text captcha on the site, if this is changed to an image captcha it may reduce the successfully submitted spam slightly. This is already installed on the site we would just activate the image capcha functionality. This would not incur any cost as it could be done under support but will have very little effectiveness as spam bots can learn how to negotiate these.
I woudl recommend using the captcha module along with recapcha, a captcha service which uses the input images to digitally encode text in scanned books giving someting back to the community and stopping spam at the same time. Win Win.
Along with a captcha you will need some kind of antispam module, this will protect against human spam too, as they will be able to get past your capctcha.
Several Spam modules exist to filter spam after submission. Some have fees as they use third party sites to track the spam generators’ IP addresses etc.
This module incurs no monthly cost as it doesn’t use a third party site, however the benefit will not be immediately effective because of this. It will take some time to learn the content that is posted on the site and occasionally generate a false positive. Content will be marked as spam and you would need to monitor this initially (much like you do with deleting comments at the moment, you would have to train it what is spam and what is not).
Once it has learned what type of content is acceptable on the site then it should quite effective and require less intervention. The filter learns by updating the score of content items you correct manually, which reduces incorrect assessments later on.
It is currently running through the registered users and blocking the suspect ones. I will continue to monitor the logs to ensure that the module settings thresholds are sufficient so no real users are being blocked and that the spam ones are blocked as far as practicable. Once this has finished, we will need to delete the blocked accounts. It won't pick up all the accounts but it should get the majority of them and then some manual intervention will be required to pick up the rest.
There is a danger that the module blocks a legitimate account, however from what I've seen in the logs this is not the case. I suggest we leave all accounts picked up by the module for a month or so before deleting them that gives any legitimate users a chance to email back. We could also send out an automated email to the registered address on blocking the account but as most of these accounts are spammers then it's not generally recommended that anyone send email to these addresses.
The service used is not quite as thorough as the antispam module with akismet which I recommended previously, this one only checks registrations and it doesn’t check forum posts, comments, nodes, content etc but it is free to use and should stop the majority at the first hurdle
Uses several third-party anti-spam providers. Askismet is $5 (USD) per month for a single site licence and is very effective at combating spam.
It blocks content from known IP addesses used by spammers, email addresses used by spammers. Also can content as spam for a set number of days before deleting.
Will be immediately effective in reducing spam. Requires very little manual intervention (in my experience none). You would need sign up for an API key and pay the fee and provide us with the key so we can install the module. https://akismet.com/signup/
Contrary to what I said below it appears that the mollom module is not free for a non-personal site. The cost is €30 (EUR) per month. It is widely used by some large clients and is no doubt very effective. It will immediately reduce spam. Will continue to have very good drupal support as it’s created by the founder of drupal however I can’t see it being any more effective than the antispam module with akismet.