I maintain a Drupal module, Honeypot (http://drupal.org/project/honeypot), that does this and also adds in a few more protections, like a minimum time limit for submission (exponentially increasing, along with integration with Drupal's flood control mechanism.

I've found it to work extremely well on even some websites specifically targeted by human/automated spammers.

Just having something (some form value) filled out by JavaScript will catch out a large number of bots. I haven't implemented that yet because the site has no javascript (other than ads and analytics).