OK, here's a question for anyone willing to step up and answer or point to solution:
I have some HTML forms for site visitors to request product information. Some of these forms send data to SalesForce. There has been an issue of spam coming through, so I have implemented CAPTCHA's via php (code created as an image), and have also gone through and setup additional checks on the form's fields. These checks are verifying that fields aren't blank, don't contain a url (a common item in the spam), and that email address is in proper form. In testing, there is no way to bypass these checks, but somehow things have gotten through. Does anyone have any thoughts/ideas/ etc for something like this? I figure there's bound to be someone who has experienced a similar scenario. I'm also blocking IP's that have been attempting brute force attacks, but am looking for a more proactive vs reactive solution.