Years ago a friend was telling me about a service that paid 10 cents per hundred solved captchas or something pretty cheap sounding, it worked by having you screenshot the area of your desktop and sending it off to presumably a mechanical turk farm of humans who would report back the answer within some time frame. I'm sure they've only advanced as captchas have gotten more interactive and that bypassing one is still pretty cheap.
There's not much you can do if you become "targeted" but having your own even trivial custom captcha seems to reduce spam a lot. Years ago when I helped moderate a small forum, we added an extra input box for registration that went something like "What holds objects down on the earth, noodles or gravity?" and that entirely eliminated spambot registrations. And approximately no one reads my blog, so again no one's bothering to target explicitly, but I've not had a spam problem in ~15+ years with a combination of the <form>'s action lying about where the POST endpoint is (JS is required for the real one) and a captcha input box of "Please join these two "words" together (without spaces): uoguvwwp and urdugjgy" where the 8 letter 'words' are randomly generated.
There's not much you can do if you become "targeted" but having your own even trivial custom captcha seems to reduce spam a lot. Years ago when I helped moderate a small forum, we added an extra input box for registration that went something like "What holds objects down on the earth, noodles or gravity?" and that entirely eliminated spambot registrations. And approximately no one reads my blog, so again no one's bothering to target explicitly, but I've not had a spam problem in ~15+ years with a combination of the <form>'s action lying about where the POST endpoint is (JS is required for the real one) and a captcha input box of "Please join these two "words" together (without spaces): uoguvwwp and urdugjgy" where the 8 letter 'words' are randomly generated.