The spammers use automated software to detect the type of forum software a site uses, and act appropriately in signing up. The demonstration of this that I saw was amazingly sophisticated – the spamming software first signs up for a new hotmail/gmail/whatever email account, then goes through a submitted list of likely forums, registering with each one, using that address. It then tests to see if it has posting access – if it does, it posts spam, if not, it then waits for (and responds to) any security/registration emails the forum software sends, all automatically – then having been approved, it posts spam.
As I say, protecting my forum from this used to be a chore. However, for the last year now, I have been using the services of http://www.stopforumspam.com/, which is a collaborative database of known spambots. It has a very simple API, which makes it simple to integrate with most forum software, and on the very odd occassion a spammer hits my website before it makes the list, a single mouse click adds it to the database.
The thing I particularly like is that the database holds the username, email address and IP address used by spambots, but the API allows you to choose which you filter on. I choose not to filter on username, as I don’t consider them to be unique enough. Filtering new registrations on email and IP addresses seems to do the trick.