*sigh* Really? Did you read the article I linked? The field is hidden via CSS. If a spammer processes the form with some automated tool, that tool will most likely ignore the CSS, so when sending a request they'll send it with *all* fields filled in. A regular user (using their browser) will *not* see the field, and therefore their request will *not* have data in that field.