SPAM is the Problem; Is Captcha the answer?
Spam is an ever-increasing problem, especially for those with websites, as we host both email addresses in a publicly visible environment and web forms (such as a contact us form), which can be dynamically completed and submitted with SPAM-based content and sent to spam lists the world over. Now, with the upsurge in blogs (we[b logs]) and community places (such as facebook.com or myspace.com) where you can sign up and leave your 2 cents on any forum topic, it’s not getting any better!
Let’s face it; SPAM is never going to go away. Not while there’s a dollar to be made maliciously by some internet fiend. Rather, we have to get smarter about how we present our e-services (such as web forms) or personal contact information (such as email addresses) to our website viewers.
The reason? SPAMbots.
“What are SPAMbots?” I hear you ask. They’re clever internet-based computer programmes that trawl through web pages on the internet looking for email addresses to harvest, or insecure web forms they can post from. In English: they’re looking for email addresses listed in web pages, which they can then add to their spam email lists. Once added, these emails will never be removed from the lists, and from that time on recipients will receive any spam mail-outs sent by the SPAMbot’s creators or their subsidiaries. For this reason, SPWD now suggests to our clients that they don’t advertise personal email addresses on their websites.
Certainly not in text format, and not with a mailto: link (email link) added, as this only ensures your email address is picked up by these pesky ‘bots’. The alternative is to use a ‘disposable’ email address: one that is only used by the website to make initial contact with potential website prospects, clients, customers or friends, as the case may be. Once you’ve made this contact, you continue correspondence using your ‘real’ email address and stop using the original disposable email for further correspondence with the prospect. For example, you might use an email in your website similar to email@example.com. Once you’ve made contact with the website viewer, you continue your correspondence with your personal email address (firstname.lastname@example.org). This allows you to replace the disposable email address with a new one, such as email@example.com etc, as soon as it starts receiving too much spam, protecting your personal email and ensuring no ‘real’ email addresses are harvested by the SPAMbot.
A second step SPWD suggests to our clients is to make use of CAPTCHAs in web forms, especially if your webmaster is receiving numbers of illegible web form submissions: submissions that have obviously been completed by a SPAMbot looking to post malicious emails THROUGH YOUR WEB FORM to its mail list. In English, a SPAMbot trawling through the internet finds your website, navigates to your Contact Us page and auto-completes your web form with hacking code in an effort to send a SPAM mail-out to millions of users around the world ‘from your domain’! You typically know when this sort of procedure has taken place, as you start receiving 10s, 100s or sometimes 1000s of bounced invalid emails.
One step you can introduce to help avoid this scenario is to add a Captcha to your web form. A Captcha is an image displaying a message, along with lines or shades that make it hard for a computer to perform character recognition on it, followed by a web form text box that asks the ‘human viewer’ to enter the code displayed in the image for validation during the form submission.
A Captcha, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”, dramatically cuts down on the number of software-based bots that can complete your web forms when used in this fashion. In short, a Captcha works by issuing a challenge to any entity attempting to complete a web form (be it a contact us page or a login form…): a simple visual test or puzzle that a sighted human can (usually) complete without too much difficulty.
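The challenge-and-validation step described above, shown as an added Python example (not code from this article or from SPWD). The CaptchaStore class, the captcha_id and captcha_answer field names and the five-minute lifetime are assumptions; drawing the code into a distorted image is left to an imaging library.

```python
import hmac
import secrets
import time

# Constructed alphabet: look-alike characters (0/O, 1/I) are left out.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
TTL_SECONDS = 300  # assumed lifetime of one challenge


class CaptchaStore:
    """Server-side record of issued challenges (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # challenge id -> (expected code, expiry time)

    def issue(self, length=6):
        """Create a challenge. Only the id goes into the form (hidden field);
        the code is drawn into the image and never sent to the browser as text."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (code, self._clock() + TTL_SECONDS)
        return challenge_id, code

    def verify(self, challenge_id, answer):
        """Check a submitted answer. The challenge is consumed on every
        attempt, so a bot cannot keep guessing or replay a solved one."""
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False  # unknown id, or challenge already used
        code, expires_at = entry
        if self._clock() > expires_at:
            return False  # answered too late
        normalised = answer.strip().upper()
        return hmac.compare_digest(normalised.encode(), code.encode())


def handle_contact_form(store, fields):
    """Validate the Captcha first; mail is only sent for accepted forms."""
    captcha_id = fields.get("captcha_id", "")
    answer = fields.get("captcha_answer", "")
    if not store.verify(captcha_id, answer):
        return "rejected"
    return "accepted"
```

The expected code stays on the server, so a bot that only reads the page's HTML has nothing to copy into the text box.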
Unfortunately, Captchas can run into a few problems. For starters, in an effort to ‘read’ and ‘solve’ the Captcha puzzle, hackers are beginning to write bots with character recognition features. While these advanced bots are considerably rarer than typical bots, there are already cases where advanced bots are cracking Captchas to set up fake Gmail or Facebook accounts. Another disadvantage of standard Captchas is that they typically only work with visually able human viewers. A blind visitor will struggle to complete a visual puzzle, unless an audible version of the Captcha puzzle is also included. This aside, for many of us using web forms in our websites, a Captcha will dramatically reduce our spam potential.
If you’re interested in upgrading your web forms or contact us form with the inclusion of a Captcha, why not complete the form on this page and we’ll get back to you with a solution that could save you future SPAM headaches!