Spam is still a huge problem for website owners. Whether through incessant comment spam in blogs and forums, or inane contact form entries, the amount of time wasted by business owners (or their webmasters) on processing and ignoring spam can be considerable.
Captcha came to the fore many years ago and seemed to offer a way of cutting down on the amount of spam by forcing all form respondents to enter a cunningly constructed series of letters and characters (which, of course, spambots couldn’t easily do). This succeeded in reducing form spam, but it also deterred some genuine website visitors from completing and submitting forms because the captcha was too difficult to read or because the captcha was ‘a field too far‘…
I also think that whilst spam is a pain for website owners it shouldn’t be a pain for your website visitors. Why offload the problem onto your potential customers?
Wouldn’t it be better to absorb that pain yourself, or better still put something in place that would not add an extra burden on your website visitors whilst at the same time reducing the amount of form spam you receive? But how?…
Honeypots
I’m gradually being converted to the idea of adding honeypots to my forms.
The basic idea is that you add one or more hidden fields to your form and then only allow the form to be submitted if those fields contain blanks (or some randomly chosen value). Your real human visitors will not see, and therefore not be bothered by, these fields, but spambots (the automated machines that hit your website and fill out your forms with spam) will try to fill these fields in, and if they do then the form submission will be rejected.
Another possibility, and something we’ve successfully used recently, is to add a hidden field to a form and fill it in with the current time. Then, when the form gets submitted we check the form time against the current time. Spambots tend to fill forms out really quickly (a few seconds), so if the time gap is less than say 7 seconds you can be pretty sure that it is spam and can be rejected.
This solution won’t stop all spam on your site, but it should cut it down quite a bit. There is evidence to suggest that forms without Captcha fields to complete receive 20%-30% more conversions, so if you can live with a small increase in spam it might be worth investing in a little honeypot for your forms.
How can I add a spam honeypot to my site?
That depends on how your website has been built. There are plenty of plugins for WordPress and other content management systems, and you can generally find your solution by searching Google for it. Gravity Forms have an option you can check when setting up your forms that lets you switch honeypots on, for example.
Google reCaptcha
Google has been putting a lot of effort into reCaptcha recently.
This offers a way of putting either a minimal obstacle (e.g. ‘I Am Human’ checkbox) in your form, or making it pretty much invisible to normal visitors. This goes a long way to cutting down comment / form spam, but does add some external script calls to your website. We think the additional page load times are probably worthwhile, and so would recommend you look at Google reCaptcha.
If you would prefer us to look at it for you and recommend a solution, just get in touch using our captcha-free form below…
I’ve just written a blog post about spam, scheduled for tomorrow. Hot topic! 🙂