A possible solution to avoid spam in posts, is the use of captchas.

But I have found another solution: I found out that all automated spam posting programs/scripts do not execute the javascript on a form (i.e. the javascript to validate the form on client-side).
 

My solution, aka the hidden captcha:

1.
I use a hidden field.

2.
I set the value of it to 0 or something.

3.
Right before submitting, I update its value to some large number, e.g. 4599843126548

4.
In the handler of the form, I check this paramater. If it is the same value (4599843126548), it is submitted by a user (who has his javascript turned on)
If the value is 0, it was submitted by a spam posting program.

This way, I can check if it's submitted by a person without bothering the users with captchas.

And yes, I know that this method is not waterproof, but this solution has been working for more than 3 years now for all our sites.
I even always use the same number, hard-coded ;)

A better solution would be to generate it on the first page and then save it in some session-var.

But, as I said, it works: no more spam in our posts, users don't have to captcha.