…or, how I stopped worrying and loved the spam.
Ok, I’ll say it right away (maybe you have guessed it already). Captcha’s are evil. There is no point for them to exist. Nobody should use them. Why, you ask?
CAPTCHA is an automated test with the purpose of telling humans and “bots” apart. It’s very popular for signup forms, contact forms, comment forms etc. For the developers, it’s very easy to implement since there are many solutions which can be used with minimal configurations. The reason that captcha is being used, is to prevent automated scripts from scanning the page, finding forms and submitting spam. Captcha is very safe, and a sure way to prevent this.
Problem solved, right? Nope… a problem was solved, but the wrong problem.
The ones who benefit from this solution are the developer (who doesn’t have to figure out advanced ways to prevent spam) and the site owner (who is safe from spam). One who doesn’t benefit from this solution is the visitor, who has to pass crappy captcha tests all over the internet. Even worse, if the visitor belongs to a group with poor eyesight, like the elderly or the visually impaired.
Spam is the website’s problem, so the solution should burden the developers and the site owners/administrators. Not the site visitors!
For a portal I recently created I opted to have contact forms and comment forms with no spam protection at all. Of course the comments are moderated, so there was no danger of spam messages appearing under our articles. After about one month, the first bot found our site. It sent around 500 messages which were very easy to delete. And since all those messages where following a specific pattern, it was very easy to create a filter for them. Two more months have passed, and no bots have visited us again.
What I am trying to say is that, depending on each project, you can find creative ways to deal with spam, without bothering the visitor. Make his user experience lighter and better, and he’ll keep revisiting your site.
Another creative way, is what youtube does with comments. It lets everything through and then it is up to the community to do the moderation. Most of the times, it works. I do not agree 100% with this method (since it goes against what I was saying about moving the problem to the user), but at least it doesn’t force the user to do anything. It just leaves it at his discretion. (Which maybe better, because it makes him feel that he is offering to the community).
Now, are all captcha’s THAT evil? The answer is no.
As long as your automated system does not mess the user experience, then your method is just fine. It doesn’t even have to be 100% bulletproof. No spammer will ever adjust his scripts based on your site (unless he has something against your site, or unless you are that big). Clever solutions can do the trick. Think of Honeypot or Measuring Time. And of course Akismet.
Whatever your method, just keep in mind that user experience > spam prevention.