If you see the string but your entry is not correct, it might indicate some kind of $_SESSION problem, since that’s where the correct string value is stored.
As for techniques, here are some of the ones available as options in the SPForm snippet:
Regular Captcha (now broken by most bots)
Math Equation Captcha
Hidden field that bots will fill in (broken by some bots)
Timer so bots that fill in the form too fast or too slow get caught
Requirement that mouse and/or keyboard be used
Another choice is Mollom, which seems to be very powerful and only shows CAPTCHA images for suspicious entries. It allows a user ID to be sent so regular users won’t have to respond to a CAPTCHA challenge. No snippets have it built in, but there is a class file that you can integrate yourself.
Another choice that some people have reported success with is Bot Scout (
http://www.botscout.com/).
I’ve been using just SPForm for over a year on several sites with various options and get virtually no spam through them.