WordPress MU

I'm getting inundated with trackback spam... Akismet is rejecting it pretty well.

What I've noticed is that most of the comments are coming from seemingly reputable hosts. (A list if you're interested.)

I don't know how trackback spam operates, but I worry that they might be somehow using legitimate blogs: perhaps they leave comments on one blog, and, if they don't get deleted, they then leave a bunch of trackback spam pointing to that blog entry?

Does anyone know more about how they do operate? I'm filtering them out on this end effectively, but I want to make sure that I'm not inadvertently part of the problem!

I don't see a single reputable host in that list. All with hostnames are gray or black in my book. The ones without hostnames (called rDNS or reverse DNS just for reference) just show that the host in question doesn't know what they're doing.

Link: The validation one checks the IP address to see if it's actually coming from the site in question. That's 99% of trackback spam right there as it's usually coming from a trojaned box instead of the site in question.

I downloaded and enabled Simple Trackback Validation, but I'm having trouble...

It installs fine in plugins/ and I can see and Activate it in my admin panel. But Options -> Simple TB Validation, to configure it, doesn't let me save: it throws the error "Cannot load simple-trackback-validation.php."

Of course, I can VIEW that page just fine.

It doesn't look permission-based, either. Changing the owner to apache (the Apache user) doesn't help, nor does changing permissions, even to 777.

If I install it in mu-plugins instead, it just doesn't show up at all.

What could I be doing wrong? It should be simple!