I find using a honeypot is a good method. I have fields named “email”, “site”, etc. set to have no size and hidden in CSS and the real ones called “liame”, “etis” (backwards). The label for the honey pot ones just say “Only fill these in if you’re a spammer” so if someone has CSS disabled they won’t be trapped by it. If any of the honeypot fields are filled in I instantly discard it as SPAM since only a bot would’ve filled those in.

Work surprisingly well, I’ve had no SPAM since implementing this.

Originally I had a honeypot with just a random name, but the bots got smart and would only fill in the fields called “email”, etc. So switching around the names of fields seems to work for now.