[thelist] CAPTCHA

Viggie viggie at viggie.com
Tue Jun 9 02:08:34 CDT 2009

Apart from robotic form submissions, there were manual posters who use
pre-fillers to fill the forms to spam.   The captchas & to some extent
the human intelligence questions may not deter them.   The best way is
to restrict URLs if it was not expected as John mentioned.

I tend to allow URLs only in a specific text field when submitting URLs
are expected/required.  Apart from that, I tend to check
1) whether the form is actually submitted from the site.
2) message does not contain stop words list

These tend to reduce spam much better than captcha.   Also, captcha with
skewed letters puts off many genuine submitters.   Have you ever faced a
situation when after submission your captcha typing was wrong and asked
to try a new captcha word?   Most 'non-geek' people simply click the
close button instead.


On Mon, 2009-06-08 at 09:45 -0700, Gersten, John wrote:

> We looked into captchas and ended up taking a different approach as well. Among other reasons, a notable proportion of our respondents are elderly, and we were worried about adding an additional hurdle for the visually challenged and/or non-computer-literate via a captcha. 
> Ultimately, we decided to eschew a captcha and instead test the form inputs for URLs. If the strings "http" or "https" appear in a form field, the form returns an error notification and the user is directed to resubmit without any URLs in any fields. (We also warn visitors at the top of each form that URLs are not allowed).
> This has reduced our form spam to almost zero, and not a single user has complained about not being able to send us URLs. That said, this approach works for us because the nature of our business is such that our visitor pool doesn't really need to ever send us URLs. And we advise visitors that should they absolutely need to share a URL with us, they are welcome to call.

More information about the thelist mailing list