Captcha is a half measure. I don't know how, but the bots bypass it. Only reCAPTCHA v1 (image recognition) will do. Versions 2 and 3 skip bots.
A more radical option is asynchronous form loading. That is, load the form via AJAX on a button or after loading the page. Bots are not friendly with JavaSript as far as I remember. I use this method, there is no spam for more than a year. This option does not torment the user's eyes and works great.
Additionally, you can "encrypt" the contacts that are published on the site. For example, like this:

<!-- Наши ссылки на контакты -->
<a id="phone" href="tel:бот">берет</a>
<a id="email" href="mailto:за">щёку</a>

<script>
// Ожидаем когда страница загрузится
document.body.onload = function() {
   // Делаем подмену номера телефона
   $("#phone").text("89009009090");
   $("#phone").attr("href", "tel:89009009090");

   // Делаем подмену email
   $("#email").text("[email protected]");
   $("#email").attr("href", "mailto:[email protected]");
}
</script>

If you make asynchronous forms and hide contacts in a similar way, then automatic spam is unlikely to be possible. However, beware of stubborn managers who send spam with pens.
And do not write anything about cheeks) there is a possibility that the user can see the content in the links before the substitution, if the Internet is weak.

with left numbers and addresses

Always validate what can be "left": language, country, region by phone number, city, address, etc.

I solved the problem with the Advanced noCaptcha & invisible Captcha plugin.