How to Prevent SPAM without CAPTCHAs or a Centrall

Posted 2019-01-11 04:25

Has anyone been able to successfully prevent spam on their site without placing a burden on your visitor (e.g. CAPTCHA) and without using a centralized spam reporting system (e.g. Akismet)?

I've found this & it looks promising, but doesn't contain detailed deployment instructions.

I want to present my web forms without burdening my users with CAPTCHA like technologies, but also actively automate preventing spam.

There doesn't seem to exist a detailed instruction/tutorial on how to implement such a technology.

Disclaimer

Also, I realize there is no silver bullet appropriate to preventing spam. But if simply putting in place a non-invasive (invisible to user) prevention system that blocks 95+% of spam, it would be worth the effort to deploy.

9 answers
Juvenile、少年°
#2 · 2019-01-11 05:20

I recently tried one very simple-minded technique. I noticed that when presented with a collection of radio buttons, the spam bots seem to always either choose the first option or accept whatever was pre-checked. So on one web site I run I have a form that users fill out with maybe half a dozen questions. One of the questions is a "type of entry" with radio buttons for the choices. So I added a new first choice, "I am a spammer", with a parenthetical comment explaining why the choice is there, and made it the default. If the form is submitted with that option checked, I return an error message instead of the usual confirmation message. Since doing that, the amount of spam I get has dropped to almost nothing. I don't know if what's left is spam bots that take a different strategy -- randomly choose among available radio buttons perhaps -- or if it's human spammers rather than robots.

Mostly I did this as an experiment to see if it would work -- and frankly because it was fun to trick the spam bots into simply confessing and turning themselves in! Mostly I bring it up for discussion: maybe it will contribute to a better idea.

If a spammer decided that my little site was worth devoting their special attention, they could easily beat this with a slightly smarter spam bot. But that could be said of many anti-spam schemes.

做个烂人
#3 · 2019-01-11 05:20

Get rid of 99% spam, see this - http://wordpress-plugins.feifei.us/hashcash/

Obviously it only prevents automated spam; use it together with Akismet or something else and get 100% protection.

Update: How does HashCash work? Spamming costs nothing (it's free using botnets), that's why it works. So the idea is that if this process can be made (CPU) expensive then bulk spamming/messaging would not work. More details are here - http://en.wikipedia.org/wiki/Hashcash

A simpler version can be implemented using JavaScript. Before submitting the form, the script would produce a computed value. This process has to be CPU expensive. Most botnets would avoid doing so and hence no automatic spam.

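The scheme the answer above describes, as an added example that is not part of the original answer and is not the linked plugin's code: the server hands out a signed, expiring challenge, the client burns CPU to find a nonce, and the server checks it with a single hash. All function names, the 12-bit difficulty and the 10-minute lifetime are assumptions chosen for illustration.

```javascript
// Added example: hashcash-style form token for Node.js. All names are hypothetical.
const { createHash, createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const SERVER_KEY = randomBytes(32); // constructed key; a deployment keeps one stable secret
const DIFFICULTY_BITS = 12;         // assumed cost: about 4096 hashes on average per form
const TTL_MS = 10 * 60 * 1000;      // assumed challenge lifetime
const spent = new Set();            // challenge ids already redeemed (replay protection)
const sign = (data) => createHmac('sha256', SERVER_KEY).update(data).digest('hex');

// Server: put this value in a hidden field when rendering the form.
function issueChallenge(now = Date.now()) {
  const body = `${randomBytes(8).toString('hex')}.${now + TTL_MS}`;
  return `${body}.${sign(body)}`;
}

// Number of leading zero bits in a digest.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24; // clz32 counts over 32 bits, a byte has 8
  }
  return bits;
}

const powHash = (challenge, nonce) =>
  createHash('sha256').update(`${challenge}:${nonce}`).digest();

// Client: the CPU-expensive step run before submit (a browser would use Web Crypto).
function solve(challenge, bits = DIFFICULTY_BITS) {
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(powHash(challenge, nonce)) >= bits) return nonce;
  }
}

// Server: one HMAC and one hash per submission, whatever the difficulty.
function verify(challenge, nonce, now = Date.now()) {
  const [id, expires, mac] = String(challenge).split('.');
  if (!id || !expires || !mac) return 'malformed';
  const expected = Buffer.from(sign(`${id}.${expires}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return 'bad-signature';
  if (now > Number(expires)) return 'expired';
  if (!Number.isSafeInteger(nonce) || nonce < 0) return 'malformed';
  if (leadingZeroBits(powHash(challenge, nonce)) < DIFFICULTY_BITS) return 'insufficient-work';
  if (spent.has(id)) return 'replayed';
  spent.add(id);
  return 'ok';
}
```

The `spent` set here lives in one process and grows without bound; entries can be dropped once their challenge has expired, and a multi-server site would need shared storage for it.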
叛逆
#4 · 2019-01-11 05:20

General comment about any anti-spam system: Nothing you do is going to be 100% secure. If your site is big enough or rewarding enough that a spammer decides to devote special attention to breaking it, they'll probably find a way. But it's like they routinely say about home security: Sure, a skilled, professional thief can beat any alarm system the average home owner is likely to be able to afford. But you'll keep out the clumsy amateurs, and if you make it enough trouble for the professional, you increase the risk for him that by the time he breaks it, you'll have returned home or a neighbor will see him and call the police. When I worked for the military, we routinely talked about the balance between security and preventing the legitimate users from doing their jobs. The goal in the military is not some hypothetical "absolute security", but rather something good enough to reduce the risk to "acceptable levels" consistent with minimum inconvenience to authorized people. Obviously what constitutes "acceptable" depends on what you're protecting: I certainly hope that the people who were protecting nuclear warheads insisted on a higher level of security than we put around radar systems. People in areas where attacks were suspected, like bases in the Middle East, had higher security than we had in middle-America bases. Etc.

Point being: How likely a target is your site? I certainly hope my bank uses tighter security to protect my money than I bother to use to prevent spam abstract submissions on the convention site I run. Sites that have millions of visitors and are well-known probably need better security than obscure sites with thousands or hundreds of visitors. How much is "good enough"?
