Very clever solution imvain2. I like it. It is a good added layer to go along with a CAPTCHA, server-side validation, and a modrewrite solution that I use shown below.
Code:
<div style="display:none;">
<input type="text" name="myemail" value="">
</div>
One should never be too arrogrant to think that a spammer or hacker can't get through one layer of defense. While they do depend on automated bots to most of the heavy lifting there are real humans behind these bots that can very easily look at the source code of a webpage and make code modifications to their bots faster than we can say boo.
This modrewrite solution that you can add to your server's HTACCESS file can be very useful if implemented correctly. And along with the other suggestions on this thread can create a very good multi-prong approach.
Code:
RewriteEngine On
# Code needed in case server config hasn't completely enabled Mod Rewrite
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .*your_posting_page\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.yourdomain.com/errorpage.htm [R,L]