Okay, two techniques, one that’s going to be comprimised sooner, one that’s going to be compromised later:
- A hidden field that must be supplied
- A javascript client-server MD5 oneway hash
I don’t see the second as a viable solution because it demands javascript (precluding certain users), and the first will be bested by the spammers when it becomes economically viable. I guess it depends on the implementation cost as to if it’s adopted here.
Okay, I’ll bite: How many people these days don’t have Javascript capability?
The same people who use browsers that don’t or can’t display images?