My clients are constantly plagued by form responses filled with spammers' links.
I currently use .htaccess to block known spammers, a temporary solution but one that also bans whoever inherits the IPs, and image CAPTCHAs to block spambots but I realise these are not accessible. I also display the visitor's IP as a deterrent.
As spammers are mostly driven by including URLs in their polluting contributions, it would seem logical that a script that bars 'http' and 'www' from being submitted in any form fields would reduce this type of spam enormously. In most cases URLs are not required anyway.
Please can anyone link to/write such a validation script?