I recently had a couple spam messages from my contact page, so I thought I should add a CAPTCHA. I did a Google search for CAPTCHA and ASP.NET and did something which I don't usually do, which was to click on one of the sponsored ads, because the name reCAPTCHA rang a bell with me. reCAPTCHA is a project of Carnegie Mellon University and is applying the power of the millions of human being solving CAPTCHAs every day to help digitize books "one word at a time".
The CAPTCHA presents two words that you must type to complete the test. One of the words is a known word. The other word is from a book that has been scanned by OCR and was not recognized. If you correctly identify the known word, you pass the CAPTCHA, and they now have one guess at the unrecognized word. With enough people typing the unrecognized word, you will eventually have a pretty good confidence in that word. They are currently helping to digitize books from the Internet Archive.
And the nice thing for people like me wanting to use a CAPTCHA, is that it's completely free and easy to use. Even though ASP.NET is not on the list of environments they support, there's an ASP.NET server side control available via Subversion on Google Code. After creating an account at reCAPTCHA and getting the keys I needed for my site, I dropped the control in my contact page and just did exactly what was in the sample default page, and it worked like a charm. The whole coding process didn't take more than thirty minutes, and most of that was in tweaking display things not related to integrating the control.