There has been LOTS of discussion recently in the bloggosphere about suitable methods to recognize and automatically suppress spam postings: sorts of blacklisting something, filtering manually or automatically, using bayesian algorithms, restrict comment posting more or less, use CAPTCHA methods to keep out bots, and so on.
Your suggestion is another method, and I didn't see it before. It will work as you described, classifying comments with more than two links per comment as spam. This will stop one class of spam, the one having tons of links in one comment.
But... I think this won't be a longer-term solution. As soon as spammers realize they can only post two links per comment, they'll do so. Instead of posting one comment with 20 links, they'll post 10 comments with 2 links inside. You could decrease the limit to 1 link, so they'll post only one. You could permit link posting, but that would be a high impact on usability for legitimate users (and an increase in work for you, as you had to manually approve all submitted comments having links inside).
And if you let through all comments without links in their body, you'll see an increase in another method some spammers already use. It's a decent way of spamming, not as offending as the "bulk url list" comments you mentioned before. It's a method I'd describe as "smart spamming". Those spammers put their URL in the URL field, while posting a comment that seems to be ontopic on the first sight. A nice example for this can be seen here. You won't catch that at all by just counting the number of links in the comment - there is no link.
So, we need another method. Turning of the URL field would be an decrease of usability of blogs - and we don't want that. Moderating all comments with an submitted URL would be an increase in work for the administrator - something we would like to cut down to a minimum, of course...
Personally, I strongly believe that the URLs themselves are the key. Whatever other options bloggers might try to suppress unwanted (spam) comments, spammers will find a way to get around the restrictions more or less easily. There is only one thing that really can't be changed without making the spam useless for the spammers: the URL. They have to give at least one link, else google won't push their page rank - and that's what this damn spam phenomenon is all about, right? Cloaking the main URL somehow (for example, giving the link to a redirecting page) won't do the trick for them, because it most probably will have an impact on page rank as well (and thus be negative for the spammers). There isn't much they can do to get by this way of filtering, I think.
If the URL is the only key to rely on, blacklisting spam URLs is the answer. It's easy to implement, not too hard to keep up-to-date (in fact I'm thinking of a standalone tool that helps on managing blacklists and that help to strengthen out a "web of trust") and safe. If you want to be sure that no spam comment makes it through to your blog you also might consider to enable comment moderation - but even without general comment moderation you'll catch most of the spam without having to raise a finger. In my eyes these two solutions are the most effective methods to keep your blog free of spams.
Or to speak with the words of Club vs. Lojack solutions: URL blacklisting, amongst the other solutions that have been proposed so far, is the club solution that is the nearest to a Lojack solution of all other clubs.
Maybe I missed an important point. If so, I'll happily stand corrected :)