You could use length or some other pattern matching to catch spam. I would suggest a really big captcha though, if your users are vision impaired then increase the size. One of the best combos is to have a captcha, but allow registered users to by pass it by logging in. Then your normal users aren't bothered and you keep the spammers out. I've used this very successfully in the past, pair it up with an IP based time limit and you'll keep 99% of unwanted spam out and not bother your users too much. PS my captcha was actual words instead of random text to make it easier on users. Like with any security measure the goal is to balance the strength of your security, your users needs, and the benefits of the security you are added. If you only get the normal bots that don't try to hard then measures like this are very effective. If you think you are dealing with an individual determined to spam your site then you might need a very different set of security measures.