Unobtrusive spam filter on form

Posted At : June 14, 2007 8:33 PM | Posted By : Robert
Related Categories: ColdFusion

I'm not sure if this is an original concept or just a well known concept in the web-development community however after a couple of months of implementing it on a side project I am very excited by the results (NO SPAM and yes there was traffic :P).

I am very much against anything that makes the user do more work or think more, as from personal experience users are prone to stuffing things up or giving up if things get too hard. So when i implemented the following solution i have to say I think it reached a balance of tricking spam deadbeats and allowing users to communicate.

its very simple.. nothing special just expecting most spammers to modify the value of the "email" field.

and then in the form action all we do is check that email is still what we made it. (you would probably param form.email, man its scary sharing code :S )

<cfif structkeyexist(form,'submitForm')>
<cfif form.email eq 'Real_Person'>
/do your thing
<cfelse>
/do what you like to the spammers.......
</cfif>
</cfif>

This is just a simple mind game with the spammers and would probably not implement it on anything at a commercial level, however for blogs and general places the turkish spam alliance feel obliged to attack (sorry they love our wikki) it appears to be a simple yet unobtrusive solution.

I would be interested to hear negative cases to it and a reference if this was blogged somewhere else..

Comments (11) |

Print |

del.icio.us |

Linking Blogs | 2922 Views

Comments

[Add Comment]

Okay. But where does the person's actual email address go?

You have no text input for the email address.

Josen

# Posted By Josen Ruiseco | 6/14/07 10:21 PM

# Posted By David Sirr | 6/14/07 11:20 PM

Yep exactly.. sorry i didn't put labels in and thanks david for cleaning this up.. the user never sees anything but the form elements and targets them and "email" would be seen as a gimme..

# Posted By robert | 6/14/07 11:38 PM

So... are you thinking that the spammer would try to change the hidden for field in his automated remote form post?

If he were smart enough to know not to change that then the spam goes through?

Am I getting this right?

Josen

# Posted By Josen Ruiseco | 6/15/07 12:45 AM

You're correct Josen.

I do this in CFFormProtect, as well as some other tests. Like you said, Robert, I feel it is not my user's responsibility to prove they are human, and things like CAPTCHA are horrible for usability.

http://cfformprotect.riaforge.org/

# Posted By Jacob Munson | 6/15/07 5:01 AM

Jacob your project is very very cool :)

# Posted By Rob | 6/15/07 9:16 AM

Hi Rob, I've been looking at some similar things and came across the following.

I haven't had time to implement and test it yet but it follows a similar line to your technique but takes it a bit further.

http://ploum.frimouvy.org/?150-the-invisible-captc...
Cheers,
Mark

# Posted By Mark Lynch | 6/15/07 6:50 PM

Thanks Mark very cool..

# Posted By Robert | 6/18/07 1:42 PM

It's been a few months, how is this working for you now?

# Posted By Adrian Lynch | 12/20/07 4:00 AM

Very good as far as i'm aware!

# Posted By David Sirr | 12/20/07 9:23 AM

Hi Josen you could have another email address named anything you want for the user that is not hidden like the one named "email" which is the spam trapper one. You only care if the hidden "email" field's value is changed as that wouldn't be from a user as they couldn't see it to change it.
http://www.batteryfast.com/hp/n6000.htm hp n6000 battery,
http://www.batteryfast.com/hp/n6100.htm hp n6100 battery,
http://www.batteryfast.com/hp/f2019.htm hp f2019 battery,
http://www.batteryfast.com/hp/f2019a.htm hp f2019a battery,
http://www.batteryfast.com/hp/f2019b.htm hp f2019b battery,
http://www.batteryfast.com/hp/hstnn-db02.htm hp hstnn-db02 battery,
http://www.batteryfast.com/hp/dp399a.htm hp dp399a battery,
http://www.batteryfast.com/hp/383968-001.htm hp 383968-001 battery,
http://www.batteryfast.com/hp/f1739a.htm hp f1739a battery,

http://www.batteryfast.com/hp/n3000.htm hp n3000 battery,
http://www.batteryfast.com/hp/n3490.htm hp n3490 battery,
http://www.batteryfast.com/hp/zt1000.htm hp zt1000 battery,
http://www.batteryfast.com/hp/f2299a.htm hp f2299a battery,
http://www.batteryfast.com/hp/f3172b.htm hp f3172b battery,
http://www.batteryfast.com/hp/f3172a.htm hp f3172a battery,
http://www.batteryfast.com/ibm/thinkpad-660.htm ibm thinkpad 660 battery,
http://www.batteryfast.com/ibm/thinkpad-600.htm ibm thinkpad 600 battery,
http://www.batteryfast.com/gateway/m500.htm gateway m500 battery,

http://www.batteryfast.com/gateway/m505.htm gateway m505 battery,
http://www.batteryfast.com/gateway/btp-68b3.htm gateway btp-68b3 battery,
http://www.batteryfast.com/toshiba/pa3382u-1bas.ht... toshiba pa3382u-1bas battery,
http://www.batteryfast.com/toshiba/pa3382u-1brs.ht... toshiba pa3382u-1brs battery,
http://www.batteryfast.com/toshiba/pa3384u-1bas.ht... toshiba pa3384u-1bas battery,
http://www.batteryfast.com/toshiba/pa3395u-1brs.ht... toshiba pa3395u-1brs battery,
http://www.batteryfast.com/toshiba/pa3421u-1brs.ht... toshiba pa3421u-1brs battery,
http://www.batteryfast.com/toshiba/pa3465u-1brs.ht... toshiba pa3465u-1brs battery,
http://www.batteryfast.com/toshiba/pabas069.htm toshiba pabas069 battery,

Another thought, if spammers get wise to this and program their bot to not fill in a hidden email field you could just css style it to "display: none" so it appears like a normal field to something parsing the html source.

# Posted By jim | 9/26/08 3:13 PM

[Add Comment]

Unobtrusive spam filter on form

Calendar

Archives By Subject

Recent Entries

Recent Comments

Subscribe

RSS

Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31