Matthias Hertzog wrote:
b) Web-user has to enter a unique number (generated image) in the form to prove, he's a human being.
Works fine, but you think of the visually impaired. There are captchas which provide the number also as sound. But I wouldn't use captchas on business websites, it's to annoying for the users to type in the number.
c) Badword-Filtering in the formmail-script, some reqular expressions a.s.o.
Often it helps if you give the fields "unsuspicious" names. "meinfeld4" instead of "recipient" and so on...
I use mod_security [1] with the rules from gotroot.com. mod_security blocks the spam before the form gets processed. Additionally, it protects the server from SQL-injection and other attacks.
Greets, Manuel