I've read the spam FAQ and I don't see a solution to my problem.
I have my options set as follows:
* Anyone can register: unchecked
* Users must be registered and logged in to comment: checked
There are no registered users other than myself.
And yet, every day I get several notices about posted comments that I need to moderate. It's always spam. How are the spammers getting around the "registered and logged in" requirement?
At least the spam is just going into moderation and not actually being posted. But it seems to me that given how I've got the controls set, they shouldn't even be able to get a comment into moderation.