I use 'reverse captchas', which include an extra text field on the page that is hidden by Javascript/CSS; any text in that field will cause the request to fail. End-users can't see the field, so they don't put anything in it, whereas bots almost always do.