These look OK.... I'd probably make sure that the validation and the email server behaviors use the exact same Trigger just to be safe. So instead of:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
use:
if ((isset($_POST["CSD_submit"]) || isset($_POST["CSD_submit_x"]))) {
You should remove the comments on the page... You have html comments in the php area. If you want comments you should use php comments, so instead of:
<!-- server side CAPTCHA validation Starts -->
you should use:
<?php //server side CAPTCHA validation Starts ?>
That could be preventing the validation from working properly. HTML comments should only be used below the <html> tag.
Next try adding a hidden form element on both pages with different values and include the value of the hidden form element in the email body. That way when you get a spam message you can narrow down the exact page it is coming from.