Yeah, same thing as Permasolutions. Everything was fine when I had WordPress 3.6.xxx. As soon as I upgraded to 3.7.1 the spam started again. Most major sites aren't going to upgrade to 3.7.1 right away, so that might be why you're not receiving a lot of people reporting issues either.
Now while you can just "brush off" these reports as nothing wrong, so far you have at least two users who upgraded WordPress to 3.7.1 from an earlier version and are now reporting issues with spam coming through. To me that would raise a flag that maybe as a developer I would want to upgrade a site to 3.7.1 and see what happens.
Anyway, here are my settings as a reference:
* Checkbox Label: Check to verify you are NOT a spammer
* Checkbox Name: cl_check_568
* Secret Key: Use secret key? (is ticked)
* Allow Trackbacks?: (unticked)
* The user forgot to check the checkbox: Please check the box to confirm that you are NOT a spammer
* The form has a hidden field added with a labe...: You appear to be a spambot. Contact admin another way if you feel this message is in error
* User refer check?: YES
* Maximum comments in moderation?: DISABLED
* Maximum number of URLs allowed in comment text: 0
* Maximum number of words allowed in name field: 0
* Where to send suspicious comments?: PENDING
I also do not have any cache plugins.
PS: Andy: you also never responded to the bug report below:
On my plugin page is says it's using GASP "Version 1.5.4 ". However, when I click on "settings" for the plugin it says, "Version 1.5.2 GASP has caught this many bot comments : 0"
I've never had a version of GASP prior to 1.5.4, so don't know why it would say version 1.5.2?