Others have praised CFFormProtect, but I wanted to share a couple quick stats and give another shout out to Jake Munson for the very useful CFFormProtect. If you're not familiar with CFFormProtect, here is a snippet from the description at RIAForge:
CFFormProtect is a fully accessible, invisible to users form protection system to stop spam bots, and even human spammers. CFFormProtect works like some email spam protection systems, in that it uses a series of tests to find out if a form submission is from a spammer or not. Each test is given an amount of points, and each test that is failed accumulates points. Once a form submission passes the threshold of 'spamminess', the message is flagged as spam and is not posted. The points assigned to each test and the failure limit are easily configurable by you.
It is quite simple to implement, and the code is rather simple and lightweight, but brilliantly useful and powerful! The latest version of BlogCFC ships with CFFormProtect and you can optionally enable it to block comment spam. I rarely see any comment spam get through on my blog, but this morning I had a flurry of 10 or more, from the same spammer. I was quickly able to tweak my INI file for CFFormProtect so this particular spam would be blocked from now on. I also decided to peak at the log file for CFFormProtect (you can optionally have CFFormProtect log blocked spam occurrences) and noticed that my blog gets a *LOT* of comment spam, but I never have to deal with it, thanks to CFFormProtect!
This morning was the first comment spam I've had get through in months, but it turns out that CFFormProtect has quietly blocked more than 80 spam attempts for me in just the last 24 hours! If you're a CFML developer and you'd like to protect any form from spam without bothering with CAPTCHA, I highly encourage you to check out CFFormProtect.