I only use CAPTCHA in one place on the site, the account request form. I've tried several different schemes in the past, but the spambots are wise to them. The math CAPTCHAs, for instance, are useless. But the latest update to the CAPTCHA module lets you try some other things. I went with the simplest one, which requires you to type a certain word (please don't repeat it here) into the form. You can't even change the word: it's hard wired. I thought, "There's no way this one will work." I was merely testing it so I could eliminate it and move on to something else.
But, guess what? Since I switched to this latest CAPTCHA, no bots have gotten through. That means, when I get a new account notification email, I know it's a real person and can approve it very quickly. If this keeps working, I'll consider turning off admin approvals and letting people have instant access to their accounts. That opens up the possibility that a spambot could get wise and get through. But it also rewards legitimate members with immediate access to their accounts.
Spambots have hurt the site by forcing me to spend more time sifting accounts than creating content. So I hope this latest solution will hold for a while.