Could you share the strategies you have followed to avoid captcha completely (Even avoiding showing random pics etc) and still be secure.
Can you suggest me some other solutions that does not involve any action from the user.
CSRF protection may or may not save you from spam attacks but should be present anyway.
This article may help: https://davidwalsh.name/wordpress-comment-spam
Jan Vladimir Mostert
Idea Incubator
Jan Vladimir Mostert
Idea Incubator
Include some fields which are hidden by CSS, but that has names such as email, first-name etc. If a human fill in the form, they won't fill in those hidden fields, if a bot fills in the form, they will probably fill in those fields in which case you can ignore those submissions.
Alternatively, you can track mouse cursor movement, if there's no mouse cursor or onclick triggered when the form is submitted, then it's probably also a bot.