In the spirit of earlier heroic failures, I just saw someone attempt to put an entire POST form in the actual HTTP request. No, really. The incoming request looked something like this:

login=%5Burl%3Dhttp%3A%2F%2Fwww.nextlevelnews.com%2F [.. elided ..] %2F70.html%0D%0A+&view=login&page=blog%2Flinks%2FBestToolPOST /~cks/space/.login HTTP/1.1

This is perhaps the most abject spammer failure I've seen.

(It also confirms that web spammers are targeting my login form as well as the 'post a new comment' form; I have a theory on that, which doesn't fit in this margin.)

Unsurprisingly, the request came from a charter.com cablemodem that is currently in bl.spamcop.net and the CBL, among other places.