Hi Lorna,

Great article, thanks for sharing. I feel the same about captcha's. With other contact forms (home-brew), I found that simply checking for a valid session was enough to filter out the bots. The only downside is that people that do not allow cookies (and so not the session cookie) will be treated as bots just the same, especially because I used to redirect them to the 'Thank you' page while destroying the message.