JS verification will do f**k all. Bots bypass them, hence why you should always do server side verification.
I suggest the honey pot method. This should solve most of your spam. It's actually really simple but at the same time very effective.
Add a few fields to your form. Call them subject, body, name, etc, things that are generic to most forms on the web. Now, wrap these form fields in a div and place a CSS class on that div with a non obvious name, e.g. 'farmerted', and add 'display:none' to the class. This will hide the form fields from normal users.
It's best practice to put a note after the open div tag and before the first form field saying something like 'If you can see these fields, please do not fill them in'.
Now, all you need to do when the form is submitted is check if those hidden fields have content. If they do, a little spam bot has been a crawlin' and you return an error saying 'Invalid Form Submission' or something.