Spam blocking options for Drupal Webforms

Explaining to a friend what I do.

(most of my work is doing things like googling "drupal stop webform spam" but unfortunately in some cases like this it doesn't bring anything up)
(*anything useful)
Shreya: AntiSpam Protect Web Form Captcha Plug-in for Drupal | drupal.org

ben: you found the weirdest module i've ever seen

S: http://drupal.org/node/200869

b: Also Drupal 5 not 6. http://drupal.org/project/pwfcaptcha Just plain Captcha would work. but the hope is to find something that won't require non-spammers to fill out a captcha every time
Mollom would do it, but the patch for Webform hasn't been committed and it actually doesn't seem to do any smart analyzing of text [] which is the whole point

s: Mollom seems to be working for people
i read comments
MyCaptcha is a CAPTCHA implementation for Drupal 5.x.
so you need 6 or 5?

b: Anjali's site (and we hope all the sites we have to deal with) are 6.
see, a captcha bugs people every time
and i'm pretty sure that mollom is not doing its text analysis when used with webform, even with the patch, so it is the same as a captcha
trying the Hashcash module, which blocks anything that doesn't have javascript, which usually means spambots
but it was causing problems with uploading files (on a Drupal 5 site we still maintain)

No AntiSpam

http://drupal.org/project/antispam has nothing for webform submissions. It can apply to webform nodes, which is quite different, and is geared toward submitting nodes unpublished and alerting administrators by e-mail rather than preventing spam e-mails from being sent through a contact form.

Hashcash Problems with File Upload

A client user reported problems uploading images or files, with Hashcash giving its error message about JavaScript not being enabled (when JavaScript was enabled).

*Your hashcash value failed. Please ensure you have JavaScript enabled in your browser*

Quoth the client:

I was trying to attach a document (PDF) to the event page, and it
wouldn't let me. I'll have to check into the Java Script thing when I get into the
office.

So, as professional Drupal developers, we jumped right on the case... and filed an issue. Ended up, though, with us posting the same workaround there that you can read below.

We disabled haschash, and attaching documents worked again, but of course the spam came back. After fixing that request we phrased it like this:

However, I have tweaked the settings for this anti-spam technique so that it should still work on the contact form but *not* affect any other forms.

Sounds almost good enough to charge for, but we didn't as it's pretty much cleaning up our own misconfiguration.

The fix, to be clear, is to checkmark "Add Or Ignore" (which really means add) at admin/settings/hashcash and include (for us at least) the following forms:

user_login
user_login_block
user_register
webform_node_form

You'll want to look up the form ID fro the default contact module if you're using that.