Why the CAPTCHA Approach Is Doomed
Then don't use the same field every time. Encrypt the field names with salt and a time-based password. That'll deal with the blighters.... until they start doing entity counting or the like. Then you insert chaff... Well, there's the arms race for you.
Some DNS Requests Ruled Illegal in North Dakota
This is one way to deal with it:
$ telnet mailin-01.mx.aol.com 25
Connected to da.mx.aol.com.
Escape character is '^]'.
220-rly-da05.mx.aol.com ESMTP mail_relay_in-da05.2; Thu, 17 Jan 2008 13:03:52 -0500
220-America Online (AOL) and its affiliated companies do not
220- authorize the use of its proprietary computers and computer
220- networks to accept, transmit, or distribute unsolicited bulk
220- e-mail sent from the internet. Effective immediately: AOL
220- may no longer accept connections from IP addresses which
220 have no reverse-DNS (PTR record) assigned.
All geeks are required to hate spam. It's in the by-laws, go check.