And "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT http://whatsmyuseragent.com/CommonUserAgents.asp#5.1)", is pretty much useless, unless you've already identified the spammer through some other process.
It isn't useless. It clearly shows that the user is acting malicious by having automated software that disguises under common user agent.
1) Only if you've already identified the spammer through some other process (otherwise, you don't even know if they're using automated software). 2) It doesn't really show that the user is acting malicious even if you can determine that they're using automated software. They might be using software written by someone else. Or they might have read the error message which says "please supply a user agent" and followed it by supplying a user agent. It might be malicious, or it might be an error in judgment. Regardless, what are you going to do about it? Block the IP? For how long? Even if it's dynamic? Even if it's shared by many others?