One very simple way to do it would be to, every hour, have a passphrase generate that is needed to write to your database. Your form could query the database for that passphrase, and drop it into an <INPUT TYPE=hidden> form field and the script recieving the actual post could then check the passphrase. It's simple, but it might be enough to dissuade the spammers.