Hello spammers, I'm sure you're going to be reading this thread.
It's obvious from recent posts on blackhat SEO sites and our own experiences that WPMU is a target for spammers creating spam blogs. They come on to your site, create dozens or thousands of blogs and fill them with spammy content and links. Soon your nice little community is floundering under the deluge of spam.
Current measures obviously don't work. If we make it more difficult for spammers, it becomes more difficult for legitimate users to register.
WordPress MU is attractive to spammers because it's easy to create content and links to their own sites that are indexed by Google and blog search engines. Their blogs are also listed on your blog listing pages making it easy for them to find human visitors. What's to be done?
What about a new blog quarantine? New blogs:
1. Are not listed on sitewide blog lists.
2. Don't allow search engines to index their pages or follow their links by using the noindex,nofollow meta tags.
3. If you have global tags pages, don't include them.
4. Don't allow trackbacks or pings from them.
5. Maybe delete blogs that aren't used before the restrictions above are removed.
After a period of time these restrictions are lifted. I would suggest at least a month for the first 3 conditions, and a week for the trackback one.
Even if the spammers don't post their content to their new blogs until the month is up, you the administrator will have a month to catch and delete all those empty blogs.
Like nofollow on comment spam I don't think these measures will stop spam, but they will limit their effects.
Anything else we can do?