You can use a captcha or a randomly-generated hidden token in order to enforce the expected flow chain, i.e. avoid direct form submissions using curl or any HTTP request forgery tool. This will also help you get protected against the CSRF exploit.
You will check the consistency of the token before executing the [supposedly heavy] logic of processing the actual form (database accesses, e-mail notifications, etc.).
However, as other users pointed out, this will NOT prevent the HTTP server from receiving and dispatching the malicious requests, and spawning a PHP process. Better than nothing though.