And
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
<http://whatsmyuseragent.com/CommonUserAgents.asp#>5.1)", is pretty much
useless, unless you've already identified the spammer through some other
process.
It isn't useless. It clearly shows that the user is acting malicious by
having automated software that disguises under common user agent.
1) Only if you've already identified the spammer through some other process
(otherwise, you don't even know if they're using automated software).
2) It doesn't really show that the user is acting malicious even if you can
determine that they're using automated software. They might be using
software written by someone else. Or they might have read the error message
which says "please supply a user agent" and followed it by supplying a user
agent. It might be malicious, or it might be an error in judgment.
Regardless, what are you going to do about it? Block the IP? For how
long? Even if it's dynamic? Even if it's shared by many others?