yaimapitu - 11:29 pm on Aug 10, 2013 (gmt 0)
With my forms I have two protection methods:
The first is an ".htaccess" file that ensures that nobody can access the form unless they access it directly from a page in the same domain (i.e., the browser has to present a specific referer). Sure it may keep the odd real user out whose browser is set to not send a referer, but I have decided that I can live with that.
The second is a URL trap and a note in large letters to the effect that users should not post any URLs, since messages containing URLs will not be delivered.
Result: No spam coming in. :)
And the log files tell me that no real users are being turned away...