Originally Posted by knightCoder
Honeypots are then easily identifiable and subsequently side-stepped by people who know what they are doing.
Yes but we're not talking about someone maliciously attacking the site are we. We're talking about bots that probably scan millions of pages html code looking for commonly named form elements in order to add them to their own database ready to send spam to.
What you've said is fair of any attacker looking at any website they want to attack. If an experienced attacker wants to attack a site then unless the php coder is a pro (and also a IT security expert) then they don't stand much chance against an experienced attacker anyway.
The point is the op wants to reduce the amount of spam being sent to as little as possible. Using a honeypot will probably do this effectively but using random field names would be better along with an emailed confirmation link which witholds the form data in a table until the link is clicked.
Again even if you're not an attacker you could sit there submitting the form multiple times so in reality your arguement about an attacker looking at the source isn't overly persuasive from my POV.