Normal mail service with normal spam protection.

2) Well, the site has a standard feedback form. It usually comes down to installing a captcha. From the same Google. But I heard that it is bypassed. Wouldn't it be better to install some kind of captcha or "secret question" of your own unique type with ReCaptcha?

Not better. To solve the usual captcha in the corresponding services costs 30 rubles, recaptcha - 50-160.
Invest in a spam filter better. An ordinary client of one local firm will not say "thank you" to you for the difficulties provided, but will spit and use the services of a neighboring one.

Do not use soap - the simplest solution to the problem.
Well, yoksel-moksel, what can you think of from spammers, besides fighting their spam? It is impossible to forbid the cops to look at your documents? Same here.

I have seen postal address obfuscators (for example, here ). They replace part of the characters in the address with the codes of these characters. There are no visual differences, including if you insert such an address into a mailto link. Email programs that open when you click on a link also work correctly. But bots that search for email addresses using regex should stumble over such a mess of characters [sort of].
I put such a link to the site, but I find it difficult to evaluate the effectiveness of protection (in any case, I have not encountered spam streams).
Example:
[email protected] after obfuscation becomes

john.doe@example.com

,
but it looks like [email protected] (I've pasted the same characters here, but without the code tag).

Thanks for answers. I myself have been "smoking" articles on anti-spam for several days. Generally speaking, there is no "holy grail". The first rule of security also works here - 100% protection does not exist - there is only protection that makes hacking economically unprofitable.
Modern bots understand html5, css3, js, are indistinguishable from a browser by cookies and http_referer, use behavioral surfing models, a proxy pool, a script recorder, an editor, a player ... and another bald thing in the form of Indians who solve captcha pictures for $ 0.001 .
This was written about above.
In my opinion, the most effective way out in this situation is to use the specificity of the protected site. For example, on a Russian-language bicycle resource, you can ask human questions on the topic - not just "how much will be 2 + 3", but "write one of the two top bicycle transmission manufacturers" - and already on the backend in PHP compare the answer. "Indians" not only do they not know Russian (and the "laborers" who own it are more expensive), they will not google the answer.
Time is money. Ask a question in "Aesopian language" - a real visitor will not be sorry to spend ten seconds solving it, and a "Hindu-half-bot" will spit and go to waste time on other sites - even a tired Google recaptcha with traffic lights loads the brain less.
As for hiding the mail address - I see reputable offices do not take a steam bath at all - they write in the most open form - they probably transfer the front of the fight against spam to the backend. Although those who wish can apply the same Aesopian language here - write "ivanpetrov on a rambler" - a person will understand, and an ordinary bot scanner will fly by.
Again, this has already been written about.
Well, it’s also easy to google about protecting forms - hidden fields, timings, etc.
And one more thought - come up with non-standard names of boxes. I believe that [email protected], [email protected], [email protected] and similar obvious names are sorted out by bots on any site.