A couple things I've done that seem to prevent a lot of 'bots from spamming through the form are:
1. Use PHP sessions, generate a random string (e.g. with uniqid()), save that in a session variable and put it into a hidden input field. When the form is submitted, reject it if that input does not match the value in the session data.
2. Create a text input field with some common label, but that you don't actually need. Use CSS styling to make it "display:none". Then in the form processor, if that field has anything entered in it, reject it as a 'bot.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation