It turns out it is harder than I originally thought. Comments can't be edited, and so you can use the PRE_COMMENT_ADD event, but for a post, the spammer could simply edit the post after he posted it. So, I first tried to use POST_LOADED, but that caused an extra nofollow to be added each time the post is edited/updated. So, it has to be done using EVENT_PROCESS_BLOG_TEMPLATE_OUTPUT, which means that you can't distinguish between post links and sidebar links - which I guess is good, since the spammer could put links there too.
Try out this file, and see what you think.http://jon.limedaley.com/plog/plugins/n ... class.phps
I think the best solution will probably be to combine the two plugins, and have a setting for comment links, and a setting for all links.
What does google do if he encounters a link like <a href="asdasd" rel="tricky_spammer nofollow">asdasd</a>?
The current code will do that if the poster enters a link like this: <a href="asdasd" rel="tricky_spammer">asdasd</a>.
The content replacing could be changed to fix that.