You can filter for spam and or email addresses.
the russian one is easy, you just look for .ru in the email address, you can then still have those messages sent to you but your mail() routine could add [SPAM] to the subject line, your email client can then filter all messages with a subject line that contains [SPAM] to a separate folder so you can then later look at designing a filter for your web form to recognize Spam so the flow is truncated at the server.
Your mail() function can parse the body for keywords like ...
v.i.a.g.r.a and all its other permutations
etc., and do the same as previous, add [SPAM] to the subject line.
Does your form have a captcha script? If not your form will be open to abuse.
One way of finding contact forms is when google crawls the site, your contact form is found, you may want to have the contact page name changed or to require a further click to a form that issues a web form and your handler script checks to see if it issued a web form because SPAM can come from a PUSH method, most forms follow a standard format of
Which could be
some spam scripts will request the page, the format of the page is analysed for its fields and the names in the HTML to know what format the page is in to push a message.
captcha will curb bots but the more sophisticated bots can mimic a human input, the flaw in captcha is in the audio, a bot can convert audio to words/letters/numbers if it has the capability to convert audio in to characters, the field validation can then be completed and spam gets through.
Some devs may wonder why a spammer would go to such lengths, sometimes its like crackers, they do it because its a challenge to show just how clever they are and because they can.
So the question is how far do you want to take this?