Sigh. I guess it is a good sign that I’m researching CAPTCHA’s at the moment. Spammers finally seem to have found our site watvindenwijover.nl and deemed it good enough to spam it. Surely a sign of succes, but also a nuisance for the normal people using the site. Making the signup procedure a bit more difficult for computers seems the way to go, so some kind of CAPTCHA has to go in. The other approach would be to use a DNS-based blocking list, e.g. through an apache module like mod-defensible but in general I’m not a big fan of blocking lists due to false positives.
I’ve ended up cobbling my own invisible captcha together based on the ideas put forward in the .NET article mentioned above, and so far it seems to work fine, keeping the spambots out while letting normal people in. I’d link to our signup page so you can see for yourself, except that it’s an invisible CAPTCHA. :-)