From Drupal.org:

Honeypot form protection

Honeypot form protection means that an invisible field is added to a form. If this invisible field is filled out (bots will usually put in a value), then the form will return an error. Normal users (read: human beings) won't ever see the field, so they won't fill it out. Even if they do, the field is labeled in such a way as to indicate the human shouldn't fill out the field.

This is not foolproof, though, as many spam bots can detect hidden fields, and they can also be adapted to work around a particular field on your site (this isn't typically the case for smaller sites, though). To prevent against this, you are able to change the field's name from the default, 'homepage', to whatever you'd like.

Time restriction

Humans usually take a few seconds (at least) before they are able to complete a form. Honeypot requires at least 5 seconds to pass (by default) before the form can be successfully submitted. This deters spam bots because they can't afford to sit around waiting until a time limit is up before resubmitting the form.