Some of our online forms (contact, archives request, etc.) have been getting a bunch of spam lately. I have heretofore avoided using any of those obnoxious Captcha things and would rather not start now. (I personally loathe them and they keep getting harder, which tells me that the spambots are probably better at them than we are...)
Does anyone have some good/easy/free/less-stressful spam-inhibiting ideas?
One that occurs to me to try, and I have no idea if this would match well with actual bot behavior: at the time the form loads, include at hidden field with id=[unixtimestamp]. When the form is submitted, ignore any forms that took less than (10? 15? 20 seconds?) to fill out on the assumption that bots probably do it way faster - or possibly way slower? Do they save them up for later? Should I add an upper bound? Is this just a really dumb idea?
If I try that one, I would start not by eliminating the bad results but by marking them as spam and seeing how effective it is.
Other ideas? (PHP-friendly answers would be easiest for me to implement, but others may work too.)
What works for you?