Thorny Form is a Rails plugin for unobtrusively protecting forms against form-SPAM.
It adds extra fields like a honeypot and some others which can then be checked before the form-data is used in your application.
To use Thorny Form you just need to change two lines per form. First in the view form_for has to be replaced by thorny_form_for (remote_form_for by remote_thorny_form_for). Then in the controller you have to add a check for spam in the shape of self.thorny_form_free_of_spam?. See the full Thorny Form docs for a code example and installation instructions here:
It is not an unbreakable solution, but it is likely to continue to work for quite some time. The following joke from Ned Batchelders blog nicely sketches why:
Jim and Joe are out hiking in the forest, when in the distance, they see a huge bear. The bear notices them, and begins angrily running toward them. Jim calmly checks the knots of his shoes and stretches his legs.
Joe asks incredulously, “What are you doing? Do you think you can outrun that bear!?”
Jim replies, “I don’t have to outrun the bear, I just have to outrun you.”
Thorny Form is under the Affero GPL, and developed by the LogiLogi Foundation (http://foundation.logilogi.org)
greetings,
Wybo Wiersma