I read an idea (Safer Contact Forms Without CAPTCHAs) to use cookie to protect submitting a form by spam bots. This will make sure that the form is actually submitted from form.php to process.php; not directly to process.php by spam bot.
Is it the only task of Captcha to make sure that the form has been submitted from the original form (form.php)?
I mean is it enough? It is the only way a spam bot can work (directly sending to process.php)? Spam bots cannot visit and send form.php as human do? Then, why we make captcha images as complicated as possible to avoid spam bots to read the content of image?