Most bots will fill in form fields they recognize with the data they are spamming. When they come across an unknown field, they will usually fill it in with a random string just so the form is submitted without error. This is where we can take advantage.

Create an input field in your form.

<input type="text" name="botcatcher" id="botcatcher" />

Then in your css you wanna hide this field.

#botcatcher { display:none; }

When the form is submitted, you want to check if this field has a value. If it does, discard the form as it’s usually a bot. I just send them to the thanks page so it appears to be successful. If it doesn’t have a value then its usually a real user.

<?php
if(empty($_POST['botcatcher'])) {
    //Valid user, Process the form
} else {
    //Invalid user. Discard the form
}
?>

I have been using this little technique on my forms for a few years now and it has drastically cut down on spam bots. Try it out and let me know what you think.