I've developed an alternative to captcha for blog comment/forum spam a while ago.
There are many methods that are easily dismissed with "but not all spam is like that" and "someone could work around it easily":
• blocking of links (if you don't need them, or in fields that are not for them).
• blocking of obviously spammy keywords (or bayesian filter)
• invisible fields and syntax to trip up dumb implementations
• requiring JS, properly-functioning cookies
• blocking of IP ranges that belong to VPS providers and a couple of 3rd world telecoms that allow spam
Each of them is surprisingly effective and combined they block 99.8%.
You really shouldn't flatter yourself thinking that a spammer will even look at your page. They have literally millions of sites to spam, and they couldn't care less if they get yours or not. A bot will find a 1000 other sites to spam quicker than it takes a human to click "View Source".
Most of spam is done by amateurs who take shitty off-the-shelf spam software, seed it with a target list copied off some forum, and run it on a couple of spam-friendly or incompetent VPS hosts. By volume, this is the vast majority and it's very easy to block.
There are many methods that are easily dismissed with "but not all spam is like that" and "someone could work around it easily":
• blocking of links (if you don't need them, or in fields that are not for them).
• blocking of obviously spammy keywords (or bayesian filter)
• invisible fields and syntax to trip up dumb implementations
• requiring JS, properly-functioning cookies
• blocking of IP ranges that belong to VPS providers and a couple of 3rd world telecoms that allow spam
Each of them is surprisingly effective and combined they block 99.8%.
You really shouldn't flatter yourself thinking that a spammer will even look at your page. They have literally millions of sites to spam, and they couldn't care less if they get yours or not. A bot will find a 1000 other sites to spam quicker than it takes a human to click "View Source".
Most of spam is done by amateurs who take shitty off-the-shelf spam software, seed it with a target list copied off some forum, and run it on a couple of spam-friendly or incompetent VPS hosts. By volume, this is the vast majority and it's very easy to block.