Addressing Form Spam
Enough Already
We've watched the amount of email spam double every six months for the past couple years. Recently, we've seen dramatic increases in the amount of form or comment spam (that is spam that comes through submitted web forms). There are several effective methods of combating form spam that have been developed in recent years including:
- CAPTCHA
The CAPTCHA Project: www.captcha.net - Human Solver
What is two plus four? - User Authentication
You must log in to post a comment. - Moderation
"Your comment will be displayed after it is approved by a moderator." - Content Filtering
Akismet - www.akismet.com | Mollum - www.mollum.com
There are other methods beyond these and Six Apart does a nice job of outlining most of them as does Site Point. In the coming months and years, I suspect that this will be a moving target (just as email spam has been) and no one method will be perfect. There have been recent exploits of some prominent CAPTCHA systems. We have been very impressed with the accuracy of Akismet and the extremely low number of false positives. I wonder if putting your combat methods out in public in the form of a CAPTCHA is just inviting spammers to crack it. Services like Akismet keep the filtering algorithms behind lock and key so it may be much more difficult for spammers to reverse engineer a system of that type.
We are offering a number of these methods as configurable choices as part of the Markup Factory web publishing platform, including Akismet, possibly Mollum, moderation, and user authentication. As of now, my personal recommendation is to go with Akismet if you have any public forms on your website. I'm looking forward to seeing if the new Mollum service can become an avid competitor of Akismet. Good luck guys!