@unique_id = hash_value(Time.now)
session[:form_validator] = @unique_id
— your other form fields here —
if params[:validator_field] == session[:form_validator]
Pretty easy to implement and no complaints about spamming.
Peter De Berdt