Our site has what we understand to be approx 800 users that have been active at one time or another combined with 5200 that are all spam bots.
We have modified the registration process such that anyone signing up for the forum must wait for an admin to manually approve them. This should keep out new spammers.
To get rid of the old ones I am probably going to delete every account with a post count of zero in the last 6 months. If people created accounts to just lurk on the site they will have to re-create those accounts. Sorry for the inconvenience.
If i can come up with a more sensitive way to do this I will, but its not looking like i will.