i would like to suggest to display user comments as plain text instead of html in the wordpress admin menu. the reason is simple:
- admins can see malicious code
- spam triggers are not fired.
a remark to the second point: I reckon some spammers work similar to email spammers, who place a 0px image into the mail body, which requests a 3rd server script with the recipients email address as parameter. this way the spammers recognize which e-mail addresses are actually read and from there on these email addresses are reselled and spamed.
so the same thing happens to our blogs. the spammer posts a comment with a validation image in it. the admin views the comments in the wp-admin and this image gets loaded, after that the spammer believes that his comment was published (because the trigger updates the related database flag) and continues to spam the blog, despite the fact the admin never actually published the comment.
so the solution would be plain simple: Just display the comments as plain text instead of html. if the admin wants to validate how the comment would look like when its published, he can still click "preview" to see the html version. but at least he gets the chance to prevent this "spam validation process".
hope the description of the problem hits the point.