I'm not a specialist, but I think there are several kinds of trouble in a forum :
I. spam posts from non registered users (if guests are allowed)
II. bot registering
III. Undesirable posts from registered user
Imho, III is usually not spam in small forums, and if points I and II are checked, can remain a moderator job. Nevertheless, especially for larger forums, preliminary automatic control can be useful too.
Possible solutions to avoid I. (non registered user post, or for III, user with a number of post < N):
I.1 - IP control (blacklisted IP or domain)
I.2 - Post analysis :
a page error if a URL is included (very good idea, but, like keyword filter, this solution may be cicumvented)
b Variant 1 : true BBcode URL plus some URL keywords or patterns (http, www, .com, .net, yyy.zz, URL with included spaces...)
c Variant 2 : post spam analysis (like mail)
I.3 - "Captcha" on each post (from non registered user)
a Something ultra-simple, like "copy [eight][one]: [.][.]" or "YES: O NO: O NO: O"
b Mathematical one (23 + 9 : [..])
c Image use (mmm, not very accessible)
d other...
I.4 - Moderation (post queing)
a by all administrator & moderators (whatever forum it is)
b by each user with more than N mail (N=100)
I.2 and I.3, easy to implement, could be included in punbb pack. Idea:
--- I.2 (typically b) always activated in punbb.
--- I.3 (typically a) activated on request, if/when I.2 become fruitless (administration parameter)
--- I.4 as an extension (a and/or b)
Possible solutions to avoid II (bot registering)
II.1 - IP control (blacklisted IP or domain) - not suffisant
II.2 - User name and address analysis (mode difficult than for post)
II.3 - Captcha, cf I.3
II.4 - moderation (registration queing), cf I.4
II.5 - Automatic deletion if no post during N days after registering)
Idea:
--- II.3 as a punbb option (adiministration parameter)
--- II.5 as a punbb option (adiministration parameter) [with or without previous option]
--- II.4 as an extension