Spambots are automated programs (like search engine spiders) that scour the internet – these bots however ignore all the rules and look specifically for website forms to fill-in with malicious content (links to porn or viagra sites, malware downloads, password phishing sites, etc). They are a growing menace, and for website contact forms can produce a huge amount of spam email to the website owner.
CAPTCHAs
CAPTCHAs (Completely Automated Public Turing Test to Tell Computers and Humans Apart) require the user to enter a string of text and/or numbers to identify themselves as humans before the form is processed (data added, comments published, email sent, etc). Spambots cannot read these graphics and fail to identify themselves as such, so the form is not processed.
This method can sometimes be quite hard for the user to read the letters and numbers and research shows they may reduce legitimate use of the form. In short, they can harm your business.
Honeypots
The preferred method of spambot prevention at 4W is the Honeypot. Essentially, create a dummy input field on your form and hide it using CSS from humans. Give it an enticing name for the bots such as URL, website, comment, email, etc and label it for any screen readers that may process it (eg: “please ignore this form field”).
Spambots (being simple-minded, greedy little buggers) will read this field in the HTML and add their spammy content. All we then have to do is some simple checks to see if content exists in that field, and can disable processing of the form.
There are some examples of how best to implement this method here.
Funny Captchas
Another consideration is that CAPTCHAs can very occasionally throw up letter or word combinations that may now be suitable!
Further examples can be found here!
