I got the following in an email:

Hi US-WebDesigner,

You have received a site mail message from janelove2k titled hi. To read the message, follow the link below:

http://www.wiccle.com/index.php?module=members&show=inbox

You can cancel the notifications by logging in and editing your member settings.

--- Wiccle.com

and when I following the link and logged in, there was no message.  Quite honestly I can't even see how to access the mail function on wiccle.com from your wites menu.  Can anyone explain?

I got the exact same one... figured it was a spam email that Markus and the gang caught before I got to it.

Yes, I removed both the member and the messages (three dozen or so) "she" had mailed as soon as they were sent. I need to roll in a "this message was removed" feature to get spam canned without causing confusion.

You can reach your mails from the top right menu, right next to "Log out".

We fortunately haven't been getting that much spam, but the site spamming genre is every bit as wild as the e-mail spammers' operations. One thing I need to rig in into the next release is optional CAPTCHA for forms created with the form builder.

We have some crap incoming from our demo feedback form, though not at an alarming rate, but enough to warrant flipping captcah on. A lot of the time the generic "hello I like your site, good work" messages -- even without spam -- are there just to probe if a form would be good for hi-jacking for spam.

I think personally Capcha is still easy for spammers the better one is

with recapcha 2 and a mathamatics question would be best to stop 80% of spam

also add a proxy list of ips to the .htacess and that should stop 95% of them

I haven't seen reCaptcha automatically circumvented so far — have you? There's been a wave of "human pioneers" however who drop in to fill the captcha to help the spam machine roll on...

I do plan to introduce additional captcha methods in future builds, including some of my own design.

The .htaccess deal is good but depending on the size of the list can get really resource-intensive for Apache. I would import that list directly to server firewall instead, if possible. Apache wasn't really designed to work as a firewall handling a large amount of blocked addresses.