As a counter-point, the uncaptcha[0] research project used Google's free Speech-to-Text service to solve reCAPTCHA at a reported 85% success rate.

I'm convinced CAPTCHA are no better than fake/dummy security cameras.

[0] https://github.com/ecthros/uncaptcha

Admittedly it's not calculated so it may be a stretch, it's based on the assumption that the vast majority of spam out there just looks for forms to submit without smarts (which is also why honeypots can be pretty effective, especially if you have a small website that nobody will take the effort to work around it.)

I've seen people report that they have reduced spam to near nothing already with just a honeypot, but of course I can't verify those claims.

Judging by the downvotes (despite answering the question truthfully), I see it's not a good way to present ourselves, and frankly we don't have to make that claim. It's hard to estimate the real percentage, our customers are happy but measuring what is no longer there is tricky in the real world.

I will change the wording on the website and remove the percentage.

People take quantitative claims seriously. I wouldn't make them without being able to defend them in an intellectually rigorous way.

> I've seen people report that they have reduced spam to near nothing already with just a honeypot, but of course I can't verify those claims.

Can verify from personal experience. I once implemented a simple honeypot approach on a small blog site. It immediately cut down automated "drive by" comment spam to almost nothing. I never tried to quantify it, but it was the difference between dozens of spam comments a day and maybe one or two a week (which I assumed were probably manual submissions).

Most spam bots are pretty unsophisticated it seems, and do not pay any attention to a honeypot field being hidden either by CSS or JS.

It should be fairly easy to set up two open wordpress blogs, one with the captcha and one without.

After a few months you check how much spam arrived at either and get your number?