First of all, thanks for the great plug-ins! (I use CFC, WordPress Hashcash and WP-SuperCache, which I think is an essential plug-in!)
Anyway, I added your htaccess code to block spam before it even reaches WordPress, but when I tested it, I found that WordPress still recorded the comment as spam (and I found it was in the database). I'm sure I've got the cookie code correct, but what I think may be the problem is that my blog does not reside in the root directory of my site. Do I have to put in the blog directory ahead of "wp-comments-post.php" in the code perhaps?