HACKER Q&A
📣 whatch

How can a contact form be protected from abuse by spammers?


I regularly receive a lot of spam and have noticed a pattern. Spammers seem to use publicly available contact forms on random (rather credible) websites. These forms send a confirmation message to the specified email address on form submission.

Is there a way to protect such publicly available forms from spammers? Is a CAPTCHA the only way to do this?

Using something like a CSRF token doesn't seem to solve the problem.


  👤 gregjor Accepted Answer ✓
I have had success with a simple hack to the forms. I rename one of the fields (usually the email address) and then add a fake hidden field named "email". If the form gets submitted with something in the fake field the back-end code ignores the form submit.

The back-end looks for the real email address in the "fax" field, and silently ignores the form submit if it sees anything in the "email" field.

I don't remember where I saw this trick a few years ago; I didn't think of it myself. It has worked pretty well on multiple sites that have exposed "Contact us" forms.
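As an added example (not gregjor's code), here is the decoy-field trick from the answer above as a server-side check plus the matching form markup; the field names "fax" (real address) and "email" (decoy) come from the answer, while the CSS hiding, the address pattern and the sample submissions are assumptions added here.

```python
# Honeypot contact-form check: the visible "Your email" input posts as "fax",
# and a decoy input named "email" is hidden from humans. A bot that fills in
# every field it finds puts something in "email", and the submit is dropped.
import re
from dataclasses import dataclass

REAL_EMAIL_FIELD = "fax"    # where the visible email input really posts
HONEYPOT_FIELD = "email"    # decoy input, hidden from humans via CSS
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # deliberately loose

# Form markup the server renders (assumed here). The decoy is hidden with
# CSS rather than type="hidden", since bots often skip hidden inputs, and
# gets autocomplete="off" and tabindex="-1" so real browsers leave it empty.
FORM_HTML = """
<form method="post" action="/contact">
  <label>Your email <input name="fax" type="text"></label>
  <div style="position:absolute;left:-9999px" aria-hidden="true">
    <label>Leave blank
      <input name="email" type="text" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <label>Message <textarea name="message"></textarea></label>
  <button>Send</button>
</form>
"""


@dataclass
class Decision:
    accept: bool
    reason: str
    email: str = ""


def screen_submission(form: dict) -> Decision:
    """Decide whether a posted contact form should be processed.

    The caller should return the same generic "thanks" page whether or not
    the submit is accepted, so the spammer learns nothing; the reason is
    for server-side logging only.
    """
    if form.get(HONEYPOT_FIELD, "").strip():
        return Decision(False, "honeypot filled")
    email = form.get(REAL_EMAIL_FIELD, "").strip()
    if not EMAIL_RE.match(email):
        return Decision(False, "no usable sender address")
    if not form.get("message", "").strip():
        return Decision(False, "empty message")
    return Decision(True, "ok", email)
```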