PHI got spammed by PFM. Read several threads. Just integrating a dropsown and making it required is NOT enough. I got that already, bots kept sending spam. So i did a very easy but effective Spam Protection for you PHM.
1. Insert a field "spamcheck" in your form, labeled "Spamcheck: 10+10+5=" eg
2. make this field required
3. insert this little piece of code into the function check_required():
$spamcheck = 25;
$problem = false;
$errors = '0|You entered a wrong spamcheck string!';
Easier than Captcha, but quite effective...