I’m not interested in doing international business, so inconveniencing visitors from outside the US is not a problem for me. 90% of my form spam comes from the Russian Federation, with the remaining 10% scattered mostly from other international traffic. The simple rule below stopped all of it:(ip.geoip.country ne "US") or (ip.geoip.country ne "CA")
Action: JS challenge
The problem is that all my US traffic gets the challenge, and Google’s business pages removed my website from the listing until I forced it back in.