I know 3 types of spam in WordPress, and speculate one more:
* comment spam
* trackback (or pingback) spam
* registration spam
* plugin spam
The comment spam is well-known to any blogger. Without protection, the blog is doomed. Therefore, different antispam tools are used — Akismet, Spam Karma, Advanced Textual Confirmation, a lot of others, — with different efficiency and usability.
One can consider the trackback spam to be a subtype of the comment spam. Mostly because WordPress doesn’t make a big difference between them. But there is the big difference:
* Comments are supposed to be written by humans, but
* trackbacks should appear automatically, without manual intervention.
“Without manual intervention” means “without any control”. Too much good for the spammers. And due to the nature of the trackbacks, there is no easy solution. More on it later, please wait till I improve my note “Decline and fall of the trackbacks; rise and resurrection of the trackbacks”.
The registration spam is less known. You get one only if you create a community around the blog. As usual, for one good member you get a horde of spammers. I have no idea how people fight against this. On my blog, Advanced Textual Confrimation (ATC) works perfectly.
Finally, the plugin spam. I mention it for completeness. If you have a plugin which allows an user to publish something on the blog, you’ll get spam through this channel.