The catch all spam form
On my main website (In a coder’s mind) I had to choose a way for people to contact me. Putting my email address in plain form with a mailto: link was out of the question, as it is quickly harvested. I could create an address distinct of my main address but I would have to read it anyway. The efficiency of adding “spam” or other keywords to the mail address to render it invalid to bots can be hard/cumbersome to track and what if the email address already contains the word “spam” (some of my legitimate addresses do !).
So I decided for a site wide contact form. Now the contact form has disadvantages too. You cannot send attachments (in this implementation) or other well formatted emails. And also it is not really devoid of spam. As you have robots that harvest email addresses, you also have robots that search the web for contact forms and to fill them with random garbage, usually in the shape of links to medication websites.
The experiment I ran was to add something to the form that would use the fact that most robots are not human and so don’t read or understand labels (and humans do, at least I hope my readers are in this category). So I decided against Captcha because I don’t really find it an exhilarating experience having to decipher captcha every once in a while (but I understand the reason to). I thought that for my small audience website, spammers would not want to spend time to tailor their robots to decipher labels and so I just put the default label of the contact form to be “Just spam”. While the text on the contact form and the label make it hopefully self-evident that you should NOT use this category, bots don’t read/understand those.
As a result, Drupal my web script is redirecting form requests based on the label to my catch all spam address or my regular website contact address.
I realize all the shortcomings of such a method of course. I haven’t had false positive (yet), but somebody not reading instructions or not understanding english well could be fooled. Also if such a method becomes widespread (I hope not), it will become less efficicient than captcha or heuristic based anti-spam mechanism (and less costly to circumvent). So I may just buying me time, but since it is so low tech and the cost of implementing this was near zero, it may be worth it for now.
Please add your comments and tell me what spam circumventing methods you added to your website.
Comments