The good news is, I've already done a lot of work and research into CAPTCHAs when I made my web based games. I have a couple of candidate PHP-based CAPTCHAs that I'd like to try out and see if that shuts em up for a while.
One of them, I made myself, and while it's not particularly strong as CAPTCHAs go (I've already been told how to break it), it'd be security through obscurity. Someone would have to go out of their way and design something in their spam bot to break it.
The other, perhaps the CAPTCHA equivalent of brute force, is teabag 3d, which draws a wireframe rendition of the text. I've begun to use it exclusively on one of my web games, and it has stopped all CAPTCHA breakers. I don't personally know of a way it can be broken, although I can see where somebody suitably determined could do it, it's just a question of the amount of effort vs. the reward (spamming a medium sized racing forum, or winning a silly old web game).
Where do I start on hooking one of these CAPTCHAs in, in place of recaptcha or the question/answer?