My client has a small "Contact Us" form on every page of their website. They are adamant about not including CAPTCHA verification on these forms, to keep them easy to use, but I feel it is my responsibility to implement some type of security against brute force attacks, etc. What are my options here, especially those that involve no changes to the UI of the forms.
FYI, the client has ColdFusion 8 as their server-side scripting language, which is currently used to insert the data into the database. The solution doesn't have to be specific to ColdFusion, though. I'm looking for ideas here - not necessarily code snippets.