Every comment-spam I have ever received included an email that began with "byob" followed by a seemingly random domain name. The IP was clearly a random proxy, and frankly I got sick of deleting all of the stuff sent to the moderation panel...
So I hardcoded this. Perhaps it'll be useful to someone:
In wp-comments-post.php, find this:
if ( get_settings('require_name_email') && ('' == $email || '' == $author) )
die( __('Error: please fill the required fields (name, email).') );
and add after or before it, this:
$byob = 'byob';
$spam_byob = strpos($email, $byob);
if ( !($spam_byob === FALSE) )
die( __('Error: Email address flagged as common spam. Comment rejected.') );
In my short tests to make sure commenting still worked and that the byob emails would be blocked, I received satisfactory results.
This applies to WordPress 1.2.1 "Mingus," and it may work for others. I have no idea.