I Hate Web Form Spambots

But I hate captcha more.

I posted a message a while back about spam in comments and Django. I don't agree with a lot of the opinions I held at the time; however, one point I raised that I believe holds true is that the responsibility for spam prevention should be the developer's, not the user's. In short, I hate and completely disagree with "captcha" style spam protection on forms. As a user I sometimes find that, in an attempt to make the image unreadable by a computer, the text is so obscure that I find it difficult to read myself. This isn't good enough.

This point holds especially true for the project I am currently working on, which has only a simple email contact form. I do not want a valid, human client to have to tackle entering a captcha image or solving a math problem just to send the company a contact. So I set about reading about ways to catch spam on the server side.

My Solution

The solution that I've come up with marries two fairly old concepts together with some fairly simple logic (the success of this is untested, however I think it should be fairly effective; time will tell, and I'll keep people posted here).

The two techniques I will be using are: timestamping and honeypots.

So what are they?

Timestamping

The concept of timestamping involves sending a timestamp to the form and storing it in a hidden field, effectively allowing us to know when the form was rendered. This is useful for two reasons:

1) We can check that the user spent a reasonable amount of time filling out the form. The theory here is ...