[newaccount74]

I have a bunch of publicly accessible forms and none of them have captchas.

I did once run into an issue where a signup form was abused by a spammer, but that was a simple fix (tip: in verification emails, do not include any information that the user typed in the form).

If you are careful with your forms, you don't need captchas. Captchas add a lot of friction for some users, so if they can be avoided, they should be.

[mpalmer]

Many captchas add friction for some users, but some types don't; there are relatively fast "proof of work" captchas that aren't surfaced to the user at all.

[AnthonyMouse]

CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart

Proof of work isn't a CAPTCHA.

[throwawaymobule]

can you explain what you mean by that tip? was this spammer using your verification emails to send spam or something?

or was it more complicated, like not needing to store which fake account had which details?

[newaccount74]

The registration form had a name and an email, and I sent a message similar to the following:

Hi <name>, thank you for signing up...

The spammers put their spam message in the name field, so my server started sending messages like this:

Hi Get free cialis now http://example.com, thank you for signing up...