So, the downside to adding jquery to all my pages is that, with my carefully throttled bandwidth, it ended up adding significantly more time to the page load than you’d expect. This was recently explained very clearly over on Surfin’ Safari.
As a result, I moved all the JS libraries over to Amazon S3, where I’m already hosting my pictures. This turned out to be a bad idea, because while their service is very quick, every once in a while it fails to deliver a page. And if the jquery library doesn’t get loaded, my comment-spam trap becomes lethal.
The system I came up with a while ago, that has proven to be 100% effective, is to set the form-submission URL to “imacommentspammer”, and use JavaScript to replace it with the real URL once the page finishes loading. My log-scanning script checks the Apache logs for this and other “interesting” URLs, and immediately adds the associated IP address to the firewall’s block list. Spammers that scan the static HTML pages never see the correct URL, so into the trap they go.
The unfortunate side-effect was that if S3 failed to deliver the jquery library, any attempt to post a comment resulted in my site vanishing from your view of the Internet. That’s a little extreme even for me, so I added a second step: the form submit button is disabled in the HTML, and enabled by the same script that fixes the URL.
[I noticed this because the script tried to ban me; fortunately, I have a whitelist for just such occasions.]