It turns out that it is pretty easy. I had to add a few lines to Application.cfm and addcomment.cfm. The drawback here is that I will have to repeat this process when I upgrade BlogCFC, but it is pretty painless.
First download the com.sebtools package into /com/sebtools, CustomTags/com/sebtools, or anywhere with a com/sebtools mapping (or change the path below).
Add the following code above <cfset application.init = true>:
<cfset application.datamgr = createObject("component","com.sebtools.DataMgr").init(application.blog.getProperty("dsn"))>
<cfset application.spamfilter = createObject("component","com.sebtools.SpamFilter").init(application.datamgr,true)>
Note if you aren't on windows that case will matter to DataMgr for the database indication (see the file names for correct usage).
Add the following code above captcha validation:
<cfset errorStr = errorStr & "This entry looks like spam. Please edit and try again." & "<br>">
Here I simply add code to ask SpamFilter.cfc if it thinks the form post is spam. The definitions (both words and regular expressions) for spam are stored in a database and SpamFilter.cfc provides methods to update those definitions. Additionally, setting the second argument to "true" makes SpamFilter.cfc check my site for new updates when it is initialized.
My example code alerts the user if SpamFilter thinks the entry is spam in case they are legitimate. I think the settings are such that it won't be worth the trouble for a spammer to keep trying. If you don't like that response, you can take any action that you like in response to detected spam.
As an experiment, I also opened /org/camden/blog.ini.cfm and changed useCaptcha to "no". I'm curious to see how much spam I get without Captcha turned on.
The com.sebtools package is open source and free for any use.