We use the honeypot method hidden with CSS. We also set a hidden field with the current timestamp when the page loads. On submission, we compare the submitted timestamp (when the page was loaded) to the current time stamp (when the form was submitted). If it is more than 30 minutes or less than 4 seconds, then it’s probably a bot.

Using these two things with a very short naughty words filter has brought one of our forms from ~1000 spam submissions to 2 or 3 per month (and these are paid human spammers or SEO ‘experts’), and with no user impact.

Many more techniques at http://webaim.org/blog/spam_free_accessible_forms/