How are spam blogs determined?

I'm a little confused by the fact that several new blogs on my network have been incorrectly identified as spam, and legitimate users asked to prove they are not spammers, while in other cases non-legitimate users have created accounts that went unchallenged but were actually spam. I understand how the pattern matching works when it comes to blog names, but the blogs being spammed did not fit any of these patterns. If I have to constantly check the spam queue to make sure good sites aren't getting caught, it rather defeats the purpose of using the anti-splog plugin for me. I wonder if it's necessary for me to use it, since I already have a terms of service agreement that must be checked, and email confirmation is also set up. Is the anti-splog plugin actually what requests users to enter a couple of sentences proving they are not spammers, or is that a different feature? If so, I may disable it, but I wanted to confirm first that this is what is triggering the spam alert. Thanks--