Here's a clip from a note I just sent to a space admin person:

FWIW, wiki spammers will use one of three vectors. If "Confluence Users" is the general and open registration, they will:
1) when possible, edit a page to insert their URLs
2) use the comments feature to add comments with spam
3) attach files that are either spam PDFs/docs with links to their stuff or else URLs to send the reader to their site.

FYI, what I do after I find out the offending user name is this:
1) I change the offending User's password
2) I send them a cease and desist email – yes their listed email may be bogus, but this I feel is a legal step if things go further
3) I change their email to an account I created so that if they request a new password – I get the new password message and not them.

Note: one of the weaknesses of Confluence is that it does not permit you to delete a user without deleting all their pages. This is OK when you have a spammer, but we have had a case or two when a person leaves a project and needs to be removed from wiki access. Also, if I delete a user and his or her pages, there is no way to keep that person from re-creating that login.

So, I follow the three steps above. Plus one more: I have a page that uses a macro to identify page activity of a user account: {content-by-user:user-name} to see if there are any other pages by that user.

Unfortunately, this macro doesn't report uploaded attachments, created news, or edits to an existing page. So, back to my starting point to Jason: if we are going to have spaces where self-registered users, "Confluence Users," can do any sort of write action, then we will need to be vigilant.
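
An added example, not part of the original note and not Confluence code: a small review script that covers the activity types the macro misses and finds other accounts posting links to the same external hosts as a known spam account. The record format, user names, and hosts are constructed assumptions; feed it whatever activity export your instance can produce.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample records in a hypothetical export format (not a Confluence
# schema): (user, action, target title, body text or attachment file name)
ACTIVITY = [
    ("jsmith", "page_create", "Build notes", "Nightly build moved to 02:00."),
    ("buyfast01", "page_edit", "Build notes", "Nightly build http://pills.example.net/buy"),
    ("buyfast01", "comment", "Release plan", "nice post http://pills.example.net/x"),
    ("buyfast01", "attachment", "Release plan", "catalog.pdf"),
    ("qwe8812", "comment", "FAQ", "http://PILLS.example.net/deal http://wiki.example.org/faq"),
    ("mlee", "news_create", "Sprint review", "Slides at http://wiki.example.org/slides"),
]

TRUSTED_HOSTS = {"wiki.example.org"}  # assumption: the wiki's own host name(s)
URL_RE = re.compile(r"https?://[^\s\"'<>\]]+", re.IGNORECASE)

def external_hosts(text):
    """Lower-cased host names of links in text, minus trusted hosts."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if host and host not in TRUSTED_HOSTS:
            hosts.add(host)
    return hosts

def user_activity(records, user):
    """Every write action by user: edits, comments, attachments, news, pages."""
    return [(action, title) for u, action, title, _ in records if u == user]

def related_accounts(records, user):
    """Other accounts that linked to an external host the given user also used."""
    users_by_host = defaultdict(set)
    for u, _, _, body in records:
        for host in external_hosts(body):
            users_by_host[host].add(u)
    related = defaultdict(set)
    for host, users in users_by_host.items():
        if user in users:
            for other in users - {user}:
                related[other].add(host)
    return {u: sorted(h) for u, h in related.items()}

if __name__ == "__main__":
    for action, title in user_activity(ACTIVITY, "buyfast01"):
        print(f"buyfast01  {action:12} {title}")
    for other, hosts in related_accounts(ACTIVITY, "buyfast01").items():
        print(f"review also: {other} (shared hosts: {', '.join(hosts)})")
```

Attachments carry no link text in this sample, so they surface only in the per-user listing and still need to be opened and checked by hand.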
