dstiles - 8:34 pm on Mar 10, 2013 (gmt 0)
Banning spam from forms is a complex operation. I have a fairly effective anti-spam trap on my server now (approx 22K of code held in a "library"), coded in classic ASP (with regex!). It verifies email address format (which is necessary even for real postings: some people are rubbish at typing email addresses!). It also blocks on IP ranges, countries (if you don't want indian or chinese spam), and known "bad" words (not just obscene or swearing but products as well) in subjects, body and sigs. I limit lengths depending on type of form and block URLs from subject and body.
And important: If you block a form, write its contents to a "log" file along with date, time, IP and other info: sometimes a blocked form is actually valid and sometimes important.