Lately we've been getting a lot of signature spam. To prevent this we implemented a new usergroup that only allows creating a signature after 10 posts. However today we received more signature spam from a user with 2 posts. I logged in as this new user and the signature section was not even visible (as expected)* so how did they accomplish this? I checked the user profile and the account was registered today* so it can't be a problem with an old account that just started to be used for spam.
We're also seeing a lot of spam that is obviously being done by real people as they are trying to use keywords in their posts that are unique to our industry.