Captcha: Choice between UX and Spam Protection

Captchas are commonly used on websites for features like user registration and to prevent spam. While a captcha is a good way to prevent spam, it is a very irritating experience for users, even more so when the captcha images are not very clear. This article discusses ways to remove captcha images wherever possible while still preventing spam from generic bots. The solutions mentioned here only help reduce spam generated by generic bots, not by targeted bots.

Option 1:
One difference between a spam bot and a human using a web browser is that a bot cannot run JavaScript. So we can hide the captcha image from JavaScript. If the JavaScript gets executed, the captcha image is hidden and the user doesn't have to enter the captcha text.

document.getElementById('confidential').value='malliks';
document.getElementById('captcha').style.display='none';

Here, confidential is the id of the captcha text field, and captcha is the id of the element containing the captcha image and text field. In the code above we have hardcoded the confidential value to malliks; alternatively, we can get it from the server each time, which is safer. But spammers can build bots using tools like Selenium, which can still execute JavaScript, in which case this solution fails.

Option 2:
Another option to prevent generic spam bots is to use hidden fields. We add some hidden text fields to the web page. These text fields should be hidden using CSS so that a normal human cannot see them and therefore will not fill them in, whereas spam bots will fill in the hidden fields as well. Based on the hidden fields, we can detect whether the submitter is a bot or a human.
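The server-side check behind both options, as an added example that is not code from the original post: it rejects submissions that filled a CSS-hidden field (Option 2) and skips the captcha only when the confidential field carries the value the server issued for that form (the safer variant of Option 1). The field names website and fax_number, the session object and the sample values are assumptions made for the illustration.

```javascript
// Added example, not from the original post. "website" and "fax_number" are
// hypothetical decoy fields hidden with CSS; "confidential" is the page's field id.
const HONEYPOT_FIELDS = ['website', 'fax_number'];

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// rawBody: urlencoded POST body of the form.
// session.token: value the server generated when it rendered the form
// (assumed to be random per render, stored server-side).
function classifySubmission(rawBody, session) {
  const form = new URLSearchParams(rawBody);

  // Option 2: a human never sees the decoy fields, so any content means a bot.
  for (const name of HONEYPOT_FIELDS) {
    const value = form.getAll(name).join('').trim();
    if (value !== '') return { verdict: 'bot', reason: 'honeypot:' + name };
  }

  // Option 1: the page script copies the server-issued value into
  // "confidential" and hides the captcha. The value is single use.
  const expected = session.token;
  session.token = null;
  const supplied = form.get('confidential') || '';
  if (typeof expected === 'string' && expected !== '' && safeEqual(supplied, expected)) {
    return { verdict: 'skip_captcha', reason: 'token' };
  }

  // JavaScript did not run: "confidential" holds what the user typed,
  // so it must be verified against the captcha image as usual.
  return { verdict: 'check_captcha', reason: 'no-token' };
}

// Constructed sample submissions (not real traffic).
const SAMPLE_HUMAN_JS = 'name=Ann&comment=hi&website=&fax_number=&confidential=7f3a9c';
const SAMPLE_HUMAN_NOJS = 'name=Bob&comment=hello&website=&fax_number=&confidential=XK4PQ';
const SAMPLE_BOT = 'name=x&comment=spam&website=http%3A%2F%2Fspam.example&fax_number=1&confidential=abc';
```

A submission that passes the honeypot check but carries no valid value is not rejected; it falls back to normal captcha verification, so users with JavaScript disabled can still register.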

While option 1 and option 2 are hacks to prevent spam from generic bots, targeted bots can still spam. Hence options 1 and 2 work well for small websites, but large websites that need 100% spam protection still need to use captcha images. Do let us know if you have more options to avoid captcha images while still protecting against spam.
