An issue regarding how your plugin determines a commenters IP address has come to light on the SFS forums.
Bottom line is only the 'REMOTE_ADDR' header field is an acceptable source. They fully realize this may not be the spammers computer but a gateway or proxy. But it is the only field that cannot be spoofed, and it is the IP people using the database should be using to identify spam source. Spoofable address fields are of no use to SFS.
Unfortunately, this brings into question the veracity of ALL spammer reports submitted to SFS via your plugin. I hope you can appreciate that this is a BIG deal to SFS.
You need to either correct the source for the IP address for SFS reports or remove the ability to report spammers to SFS ASAP.
I have no official capacity at SFS, but I am a long time regular and am sure I've accurately represented their stand point, and probably MUCH more politely than they would.