As Andrew Stein, our Chief Scientist, discussed in his post Are We Still Using CAPTCHAs to Stop Form Spam?, we’ve come to a point where the only people who have trouble reading basic CAPTCHAs are your actual users – not the spam bots.
Here’s three ways to use CAPTCHAs to block the bots, minimize form spam, and make your human visitors happy:
|1. Only serve a CAPTCHA to a spam bot||Eliminates CAPTCHA friction for legitimate users|
|2. Add a Honeypot to your CAPTCHA||Only a bot will fill in the hidden fields, revealing itself as spam|
|3. Use browser rate limiting to catch outsourced CAPTCHA solvers||Even if a human bad actor gets through your defenses, you can block him based on his anomalous behavior|
Understanding the relationship between CAPTCHAs and spam bots
The CAPTCHA report below illustrates an ideal scenario when it comes to serving CAPTCHAs to spam bots on a high traffic website.
Despite a huge spike in traffic from a viral post on January 23rd, served CAPTCHAs remained flat at about 180,000 served per day. This is a strong indicator that this site is only serving CAPTCHAs to spam bots.
As we drill down into the solved versus failed CAPTCHA attempts in the report below, we can see that 589 people were served and successfully completed the CAPTCHA and 97 failed.
Do you use CAPTCHAs on your website to block spam? What’s been your experience? If you’re not a current Distil Networks customer, please sign up for a free trial and take our hardened CAPTCHA technology and CAPTCHA reporting for a spin.
About the AuthorFollow on Twitter More Content by Elias Terman