Spam is a widespread issue with many and all websites that accept user input. Whether be it a contact form, a comment system, a forum, or any other type of service, you are subject to spam. Ever since the fight against spam begun, hundreds of prevention tools have arisen, with some failing and some succeeding to a certain level.
Since spam is a problem with small or large websites, applying prevention systems is a definite must. We discuss five prevention methods that can help you fight spam whether your website just contains a contact form or whether it is any other service.
Akismet
Akismet, Automattic (the company) kismet, is an anti-spam prevention tool first created for WordPress. It precisely removes or un-approves comments that seem to be spam by using its own complex algorithm as well as from continued usage. Akismet has been doing a great job of removing spam from blogs or other services with a low report rate of it actually removing user posted comments caused by mistaking them for spam. Due to the success of Akismet for blogs, their API has broadened its reachability making it available to anything you decide to implement it for.
For example, MyBB, a forum software, has created a plugin or addon that utilizes Akismet for user registrations and posts alike. Thus, because Akismet can be implemented anywhere, it is a great spam prevention solution anyone will recommend if you are in a losing battle against spam, which is usually the case for any website owner.
reCAPTCHA
reCAPTCHA, an acquired project by Google, adds an extra layer of security to all your forms using a new twist to standard image CAPTCHAs.
Here is how it works: Pages from physical books are scanned and digitized, and then the text is identified using a process called OCR (Optical Character Recognition), leaving an imperfect result, with words that have not quite been kept in their original format.
For example, a sentence such as “This aged portion of society were distinguished from” was recognized by the OCR as “niis aged pntkm at society were distinguished frow”, however, because OCR is not perfect, it is what creates the CAPTCHA system. All words that were not quite clearly recognized are used for the CAPTCHA image for humans to identify. Now that you know what is behind the project, we will dive right into its benefits and how it can help you prevent spam.
Despite the process of how reCAPTCHA works, the words selected are slightly distorted to make it difficult for bots to distinguish. With that said, we can easily identify the correct combination while bots struggle, making reCAPTCHA a great solution for added security for your forms as it definitely beats the use of using other basic CAPTCHA methods.
MailHide
MailHide is a new safe twist to leaving your email address lying around on your website. It basically hides a major aspect of your email address and replaces it with three clickable periods. When these periods are clicked, a reCAPTCHA block appears asking you to confirm if you are human by using its image verification system. If you passed the reCAPTCHA verification block, it proceeds to displaying the email address. While there are other ways such as encrypting the email address via the source code, MailHide seems to be a great intuitive way that can reduce spam if not get rid of it completely. MailHide is a reCAPTCHA creation, a free to use tool available to the general public.
Intuitive Security Measures
Despite all that we have mentioned, there is a plethora of other spam prevention systems that have sprouted to fight the ongoing spam dilemma. One of the types of spam prevention systems that have sprouted are drag and drop security measures such as a shape identification system. The way it works is you are told to grab a shape from a pool of a few shapes. You drag the correct shape into the shape box, and if correct, the form submits.
The great thing about this is that bots do not have the ability to drag and drop objects preventing them completely. Some of these prevention systems also include a JavaScript disabled option to cover other platforms eliminating the drag and drop to a click option.
Image Selection
Another new spam prevention system that has started to appear as a notable prevention system is image selection systems. The way it works is you are asked to select multiple images of the same category. For example, if it asks you to select all cat images, you must highlight every image of a cat in order to be able to submit the form. While it may seem like a long process for your users, it is a fun and intuitive way to eliminate spam.
How Spam bots Work
Now that we have covered a genre of spam prevention tools, let us dive right into how these spam bots work. Spam bots intelligence is based on how complex the creator of the bot made it. For example, the majority of spam bots we know about that bypass image verification systems such as CAPTCHA are built mainly as OCR systems. Therefore, what image verification systems they can bypass really depends on how simple or complex their OCR system is. Other simple spam bots include mathematical computation bots that bypass mathematical type spam prevention questions.
Overall, the type of spam prevention measures you take really depends on how your service or website is intended to be used.
If you create a rather new and specific spam prevention measure, you should be fine until the creators of the spam bots begin to gain interest in your service. In such a case, I would highly recommend more complex spam prevention measures such as the intuitive tools mentioned earlier that work based on dragging and dropping objects. While requiring JavaScript may be the case for such a prevention system, it is definitely worth it as the users who do not have JavaScript enabled today are very rare.
Your Turn To Talk
How do you prevent spam on your own site(s)? Please take a minute to leave a comment below, I’d love to know how you deal with the issue.
Author: GrindSmart Media
GrindSmart Magazine is an adventurous blog that focuses on web development articles within a wide range of topics which aim to inform and challenge the minds. Follow GrindSmart on Twitter here.
At a recent project including Askimet and reCaptcha, its ridiculous how easy it is to implement and use Akismet. We have now removed the reCaptcha because Akismet works just so well :)
While undoubtedly CAPTCHA and related systems work wonders against spam, the fact that they require user interaction has always been something that bothers me. I’ve no data of my own but I wonder how much these affect conversion rates on sites?
A number of times I’ve abandoned a process because of a CAPTCHA, although usaully because it’s been badly coded or doesn’t work without JS on (NoScript user).
On the other hand Akismet is an absolute godsend, I love how it catches every bit of spam on my own blogs.
The main method I prefer for client sites is to simply use a bit of CSS http://www.divisionbyzero.co.uk/2010/07/29/how-to-beat-form-spam-with-just-css/
It’s never let me down yet!
http://antispambee.com – anonymous and registration-free antispam plugin for wordpress.
Text-based Authentication is a thing of the past and still continues to be a problem for most people along with it still allowing for SPAM/BOTS to get through you have to now contend with Phish Attacks. Anyone that has ever used CAPTCHA and/or RECAPTCHA know that is becomes a complete hassle trying to decipher the random words along with have to start over if you input the incorrect verbiage.
Now imagine if you have bad vision and need to go online for something, it is a complete nightmare and make the online experience not very enjoyable for anyone.
At first you had some kind of text-based authentication which was single word and those usually are random letters, numbers and symbols but those can be easier broken, so along came RECAPTCHA which use any two random word to authenticate. These words cannot be read half the time and sometimes the wording combination is offensive..
Confident Technologies has created a unique Image-based Authentication and Verification solutions that can be imbedded within WCM’s. As an example our Images-based Captcha solution offers pure ease of use and more security from BOTS and SPAM when websites have web pages where users can comment, register or blog. Because we are inherently easier the end user has a higher quality experience resulting in less abandons and more loyalty.
What are the benefits for Image-Based Authentication?
Will not require an individual to read random lettering for authentication.
Allows the use to either use pictures and/or single letters to authentication
Will not take up company bandwidth
Since our Image-Based Authentication is customizable is allows the opportunity for generating an extra revenue stream by advertising within the Image-Based Authentication process. This can be developed for any vertical market, any marketing campaign and pretty much in any language with limited restrictions.
Our CAPTCHA products are available for PHP, ASP.NET, Python, WordPress, Drupal and Joomla; it is FREE and as easy to implement as recaptcha.
http://demo.confidenttechnologies.com/
I agree with Jonathan that CAPTCHAs can add extra friction to forms. Also, many of these solutions are not accessible. For these reasons I never use them and prefer to use a honeypot form field hidden with CSS combined with a few other techniques…
Akismet with WP-Spam Free catches so much it scares me. I didn’t think there could be that much out there. Thank the heavens for these two plugins. woot!
Could someone post a link to a tutorial for one of the drag and drop forms I’ve been seeing?
I used reCaptcha but now i think i will replace it. Thx!
Wong it!
http://www.mister-wong.es/users/501307113/
Great tips, but you forgot a great wordpress plugin, Bad Behavior, which prevents known spammers from entering your site in the first place!
Thank you all for your comments! We greatly appreciate your detailed or brief input :)
I’m using CONDITIONAL CAPTCHA For WordPress and it works like magic. Spam has been cut down by 95% since I installed it over a week ago. I even blogged about it ;-)