battling site spam

just a minor issue

Spam, it's been around for a while. First it infiltrated our email boxes, then it found its way to our blogs and registration forms. Spam was a pest, which needed to be dealt with, fast. This resulted in several quick and dirty counter measures, the captcha method probably being the most notorious one. Today, we have better ways to our disposal, but still captchas linger around and hamper our freedom on the web. Let's take a look at some solid alternatives.

battling spam is a piece of cake

countering the captcha

Those of you who are familiar with accessibility concerns know that captchas are a lot of trouble to implement well. Not only do you need audio alternatives for those with visibility problems (if you're using visual captchas, which are most common), there's also the challenge of finding captchas that evade machine intrusion but are still easy enough for humans to figure out.

Even if we ignore accessibility issues for a moment, captchas remain a drag. No matter how easy they are to solve or enter, whenever I run into one I can't help but sigh. It's an extra barrier I'm not always willing to take, especially when I'm not in the mood for leisure surfing. So most of all, they are plainly unneeded on the modern day web.

Protection against spam these days is not very difficult or something to bother your visitors with. Below is a little rundown of both techniques I'm using on this blog.

the birds and the bees

The first method I use on my blog is the honey pot method. It's a very simple solution where you add one extra input field to your comment/contact/register/... form and hide it through css. Normal users will never notice this field, many spam bots will be caught simply because they try to enter every field available in the form. If something is entered inside this field, you can assume you were hit by a spam bot.

For accessibility reasons, a label needs to be attached to the hidden field explaining its purpose so people using screen readers or text browsers understand its function. To be on the safe side it might be better to avoid words like spam or empty inside the label, though I never really ran into trouble with that.

The honey pot is not perfect, and some bots are already adapting to it. But if served me well and still stops a fair share of the spam messages I'm receiving. Still, a few weeks ago I got hit a couple of times by smarter spam bots, so it was time to take extra measures.

akismet

Most blog platforms have a selection of plug ins you can use to battle spam. Akismet was first developed for WordPress, but quickly offered an extra service for people using their own platforms. It is a system that evaluates spam, based on more intelligent techniques. Not only automated analysis techniques, but also indications from blog owners marking messages as spam which got through the Akismet filter in the first place.

It's a system that learns, the more people who use it, the smarter it becomes. It doesn't look at the way spam is entered, but it looks at the message itself and evaluates the possibility of it being a spam message.

Akismet isn't perfect either, but it has the potential to become only better in time, as more people will start using it.

combining both

On my blog, I use both methods. Akismet is a very nice feature, but it's a service and services can go down unexpectedly. It's pretty safe but also not perfect. The honey pot is a little easier to pass but is as solid as can be and is easy to implement.

By using both, I haven't seen any spam pass through anymore. Best of all, no users are harmed in the process. So throw away those ugly captchas and secure your forms in better ways.