This excellent article by barn2.co.uk shows 6 Ways to Stop Contact Form 7 Spam in WordPress
The 2 we liked and are now trying are:
Simple quizzes are becoming a popular way to combat contact form spam.
They work by asking the user a simple question such as “Which is bigger, 2 or 8?” Bots won’t be able to answer this question, so the contact form can only be submitted by people who enter the correct response.
To add a quiz, edit your contact form and click the Generate Tag dropdown.
Paste the shortcode that appears below into your contact form. It will look something like this:
<p>[quiz capital-quiz “Which is bigger, 2 or 8?|8”]</p>
Messages Note: Validation errors occurred. I changed mine to read: Sorry, wrong answer! Please try again.
2. Contact Form 7 Honeypot
Contact Form 7 Honeypot is a WordPress plugin that adds a hidden field to your contact form. Since the field is hidden, real users won’t complete it. However, bots won’t know this and will fill it in, allowing the website to recognise them as bots and block their submission.
After you have installed and activated the Contact Form 7 Honeypot WordPress plugin, use the Generate Tag option to create a honeypot shortcode to insert into your contact form.
It will look something like this (Contact Form 7 recommend changing the ID to something unique, so replace xxx-1234 with something else):