Quick note: In reviewing this post with some non-technical friends, I realized that many people aren’t familiar with the term CAPTCHA. A CAPTCHA (or Completely Automated Public Turing Test to Tell Computers and Humans Apart) is the item pictured below - an awkwardly hard to read combination of “letters” and “numbers” that websites make you enter before performing a task.
The end result: Some pretty annoyed users from the CAPTCHA and still a ton of bot spam.
The longer we talk, the more adamant that most are that “the CAPTCHA should’ve worked.” It takes a while, but after a while we’re able to explain that not only will CAPTCHA not work, it’s pretty much never worked.
Back in 2008, James Edwards at Sitepoint wrote an excellent article called “Beyond CAPTCHA: No Bots Allowed!” outlining the problems with CAPTCHA at the time. I’m not going to rehash it, but it’s been over five years since that blog post and pretty much nothing has changed in favor of CAPTCHA. In fact, I’d argue that things have only gotten worse as bot technology has gotten better. Gone are the good old days of PHP and Perl running a list of commands one after the other with no UI, now we’re to the point in technology where we can fully automate real web browsers with plugins set to solve the CAPTCHA themselves or take screenshots of the CAPTCHA for third parties to solve.
Seriously. Most people don’t know this, but there are a whole host of services that do outsourced CAPTCHA solving. Starts at $0.70 per 1,000 images with each one done in under 15 seconds. It’s basically “Phone a Friend” for bot spammers. At this point the only people who have trouble reading CAPTCHAs are your actual users – not the bots.
So what is a website owner to do? The answer is simple: turn to more evolved systems to deal with more evolved bots.
One system to help cut down on form spam is Akismet from the team over at Auttomatic, the makers of WordPress. Akismet works by taking the data submitted to your website, validating it against their externally hosted API, and returning back to you whether they believe the submission is coming from a real person or a bot. For years it’s been the standard for WordPress form spam reduction and an absolute no-brainer for those of you fighting WordPress form spam.
There’s also what we do here at Distil Networks. It doesn’t matter whether the bot comes to your website to spam your forms or steal your data, we’ll block it and make sure it doesn’t come back to your website or anyone else on our network. There’s no additional code to install or maintain and, most importantly, no more development time devoted to keeping your forms spam free. You can get back to building and growing your business.
It’s time we all take the next step.
About the Author
Andrew Stein is Distil's Co-Founder and Chief Scientist. Getting his start running a large online kids’ game, Andrew took his passion for web development to NC State where he became the Senior Web Developer for the Department of Electrical and Computer Engineering. Working on everything from identity management programs to digital signage systems, Andrew has run into a little bit of everything and is always eager for new challenges.Follow on Twitter More Content by Andrew Stein