That makes sense, and matches up with my experience... you also have "amateur" spammers just doing stuff manually (as well as spammers paying people pennies a page to input CAPTCHA responses). Another issue is that the unsolicited contact paradigm blurs a bit, when you have musicians and promoters and organizations with causes, etc. all asking to be "added as a friend"... the situation becomes one of those "I know spam when I see it." ones... Ken Simpson wrote:
Some of it is quite sophisticated: full blown "instant" profiles with fake comments ... the smarter spammers actually make the profile look real (often lifting material from legit user profiles), and then just ...
At the MIT Spam Conference, I was talking to MySpace's anti spam researcher. He said that they see many profiles that look totally legit and which have been carefully nurtured for more than six months -- and then the formally legit profile suddenly becomes the drop site for a Phishing campaign or other spam repository.
Captchas apparently help quite a bit to stem this kind of problem because they install a technical barrier that, while not impossible to break through programatically, at least delays things a bit and reduces the ROI for the spammer.
Regards, Ken