It’s better to just set pre-moderation (and leave a cookie after the post, so that if the person is not a bot and his comment is approved, he will automatically pass moderation on this cookie)
Many people do this, and it works.

If you put a captcha, then any Hrumer will bypass it. If you really want to break off the bots, then change the name of the fields, for example, where to enter mail, put name="nameUser" there, and where the name is entered there - name="email". Of course, the bot will stumble on this for sure, and the users will not care.
You can also use hidden fields, for example name="url" and style="display:none;". If something is entered, then send it, if not, then everything is ok.
In addition to the above two methods, I also use a timer (well, an anonymous person cannot write a comment, enter a captcha and fill in the name field in one second).
I have not seen spam for two years in the comments from anonymous people.

use

Bots just shit with meaningless comments - no better. You understand that now they are not even interested in whether an active link has appeared or not? They stupidly shit everywhere and take in quantity.

I don't think it will work. what prevents a person from writing http://?
or just no prefix, just an address. For example habrahabr.ru

They are afraid of wolves - do not go into the forest.
What if you need links? For a photo, an article?

You should not overshadow the life of your own users with such prohibitions :) Yes, and it is better to choose a captcha that is convenient for a person.

Links should be made non-clickable. You won't be able to kill at all.
Instead of captcha (or together with it) - encryption of field names. This is already quite a "strong" protection against auto-spam. If we add to this a simple algorithm on the server that tracks and changes session identifiers, we get protection against brute force, etc.
All this has already been done in great abundance, and, as a rule, is available in frameworks.