I am using my own php form processor using phpMailer. But have had some issues with spam sneaking through although I use Google Recaptcha in some case or the C5 addon Automatic Email Obfuscator. Be interested to know what people use to lessen spam such as smtp or a separate form processing company.
I built the package Anti-spammer Master in the marketplace and in my experience a honey pot can sometimes be extremely effective.
But your mileage may vary.
I know several websites that almost totally stopped SPAM with just the honeypot option from my package. It’s the case for my own websites.
But I know others for which the honeypot didn’t make a difference.
So I’d say definitely implement a honeypot as it’s an easy way. Then maybe the time to submission, the number of messages per unit of time, and the use of URL shorteners could be a good start.
I also had good results with Akismet but it’s, in theory, a paid service.
You should do a quick analysis of the kind of SPAM you’re getting, though, to find the best approach.
If you want to have a look at my package, the screenshots will give you an idea of what’s implemented.
One thing I’ve found quite effective is to geo-block certain countries. In my situation, I’m really not interested in anything that comes out of China, Russia etc, and pretty much anywhere that isn’t a “Five eyes” country. It’s relatively simple to do - either use Concrete’s built in GeoIP library, or if you’re using external code, it boils down to:
which returns a JSON payload including the ISO country code. If the country code is not one you want to hear from, drop it all on the floor. - better still, fake an “invalid captcha” response - drives 'em nutz!