Captcha's from my experience don't really stop any spam. Bots are getting more sophisticated with some of the more ingenious ones actually performing their own Optical Character Recognition, basically reading it for themselves rather than using a 'mechanical turk' API (humans being paid 0.1cents to post or read a link) are imposibble to stop.
A member on another site recently discovered that his test forum running on a home PC completely off the Google radar just sitting there on the end on an IP was getting spam posts regulary so do not underestimate how determined they can can be lol!
Regexing for specific keywords (or URLs) in the visitors post that are un-related to the thread/ topic can be used as a trigger to deny the post being published or flag it for deletion before Googlebot sees it. It makes for a more friendly site where genuine users can post links without hassle but is not overly difficult or time consuming to maintain. I've got a 'post a comment' feature on the Lovelogic.net radio station set up that works along these lines with a few surprise tweeks coming soon
Of course many just say no to links alltogether and strip out anything between the marker tags like this '/<(.+?)>/' because spammy or not, any outbound links do lead visitors away the site especially if the content is poor. The SEO gurus will also probably have something to say about the horrors of outbound links affecting page ranking as well.