Richard Damon wrote:
For other types of bots, having a key on the page that is needed to be returned will help, as it will catch bots that "know" what the subscription form looks like and just go around trying to submit it. Even better is to give out different keys each time, and checking that the key isn't too old or too young (figuring a human will take at least a few seconds to fill out the form, but the bot won't be patient enough to do that).
Except for the "too young" part this is what is implemented by http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1371. Too young could be a useful addition.
But, as Stephen points out, if the people who deploy these bots are really interested in "getting the job done", they will figure out all these tricks and deploy new bots that will succeed in spite of us.
The asking of a question which requires an "obvious to a human but extremely difficult to a machine" answer is probably the best defence as long as the questions and answers aren't fixed over many Mailman installations.