[hombre_fatal]

There's certainly a period of time where that solution is sufficient as it stops the lowest level of drive-by <form> spam.

But it also sucks the first day you get an attacker who solves it once and then spams you thousands of times.

Modern spam tools are pretty impressive these days and minimize the targeted work the human spammer needs to do in these cases. In the early 2000s, you could set a custom question and then assume no attacker is going to manually code for your little blog.

But even in 2008 I was using spam software (out of curiosity) where you could import a massive blog list, and it would pause spamjobs with failed comment submissions, let you pencil in a value for this unknown field, and then click resume.

You could also choose other actions for that field like "prompt me each time" and sit at your computer multiplexing your labor across hundreds of blogs. And that was pretty polished ten years ago.