WordPress does an outstanding job of blocking spam commenters. You may not have noticed, but every commenter that has a blog or website will have his/her name shown in a blue. If you click on their name, you will be taken to their website or blog.
I have no problem with legitimate commenters promoting their own website and always allow them. Spammers do the same thing. If they can get their comment allowed, then anyone clicking on their name will be taken to their site, which is typically porn, medical sites (VIAGRA), or various others.
As I said, WordPress catches the majority of these. In the past the spammers used to embed their sites in the contents of the comment. Those were easy for WordPress to identify. Now they have taken on a new technique. They select portions of your post and use it as a comment.
When WordPress is not sure, if a new comment is real or spam, it puts it in a queue to be reviewed. I have noticed in the last week that almost all comments in this queue are of the form I just mentioned.
If you don’t pay attention it would be easy to authorize one of these comments. The spammers are becoming more clever.