We set up a form field that is invisible to human users, who will therefore never populate it. But the field is visible to spambots, which will populate it. This gives us a way to differentiate between human users and spambots. We also just added a custom validator to the form field; one that checks that it is still empty when the form is submitted. If the field isn’t left empty, then our software smells a rat (detects a spambot) and blocks the submission!