More Info:
It seems there is a means to spoof Contact 7 that bypasses Akismet, Contact Form 7 Honeypot and even Really Simple Captcha.
This is happening on 7 out of 12 sites that I use Contact 7. I suspect the spoofers simply haven't yet found 5 of them yet.
On one site for example, I have 3 forms with these measures in place. I get several Spam Messages at a time, twice a day. They are automated and within seconds of each other.
Here is the interesting bit: I changed ALL my Contact form message Bodies to see which form was being exploited. e.g.
This mail is sent via contact form (XXX) on Make (Smart Phone) Apps 4 U
BUT, all Spam being sent is not using my Forms but a version that I had originally (standard last line). It is sending just the bare minimum fields and not all my fields, including required fields.
This means the emails are using Contact 7 Form but spoofing my forms somehow.
If I remove Contact 7 it stops. If I just recreate the forms so the ID is different, I still get the Spam emails.
Are you aware of how this is being exploited and if there is any way to resolve this yet?