I'm afraid this is happening more and more.
Those IP addresses are most likely, proxy or infected machines.
I think you can only combat this by using server side scripting like php or asp.
I've combined a few things to help prevent these spam attacks.
1: php security image code needs to be entered by human (but lately this has sometimes been bypassed by some modern spammers)
2: Using php again I'm blocking empty UA from accessing forms as these were found in my log files. (Check log files to see if they have an empty User Agent (browser))
I then add the IP address to my bad bot banning file and ban them from accessing forms and certain files.
3: Strict php error checking before the form is processed.
>> Make sure all fields required are completed.
>> Email address is a valid address and not anything@yourdomain as this is very common.
>> Make sure form was submitted from the correct page and not remotely.
It all depends on your server and how much control you have but I'm sure php will be available.