My own website is slated to use captchouli at some point in the future.
You can also use a hidden input field that a user would never interact with, but a bot would send an input to. Then you can safely block all requests made from that input field.
That's hardly foolproof, but the only reliable ways that I know of that do not require user input are JS-based and make determinations using analytics. So basically, what you're asking for is botnet.