Anti-bot spam with simplicity

Spam-bots are getting smarter. I've seen bots that fill out forms with close to perfect information. I've seen bots that copy blog comments and then add in their spam. I've seen bots that adapt to their situations. What I have not seen are bots that can look at a form like a human does.

Let me give you a situation. House of Fusion has a sign-up form that not only allows for the standard contact information but also allows for multiple alternate email addresses. I've been seeing some spam coming through that has multiple emails of the same value. This reminded me of something very simple about forms: multiple form fields with the same name become a comma-delimited list on submit.

This means that two input boxes named email that are both filled with "spam@spam.com" will result in a variable of form.email with a value of "spam@spam.com,spam@spam.com". This is wonderful!

All we have to do to block some of these new 'thinking' bots is have a form with two input fields called email. The display for the first will be email while the display for the second will be alternate email.

On the action page we just have to check whether form.email has 2 items and, if they are the same, block the post as spam.

<cfif listlen(form.email) EQ 2 and listfirst(form.email) IS listlast(form.email)>
    <!--- both email fields hold the same value: spam code here --->
</cfif>

This works great, but there are always alternatives. When I gave this to Clark Valberg for use on the Developers Circuit contact form, he modified the idea, which led to another modification. The first is to take the second email input and label it as something other than email. Zip code is a perfect example, as it is something not always required. To a human it looks like a standard form with zip and email, but to a bot there's no zip, just 2 emails. The second modification is to exchange form fields: have the email form field labeled zip and the zip field labeled email. A human will read the label and enter what is expected (zip in the email field, email in the zip field) while a bot will enter the wrong values.
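The three checks described above, as an added example that is not code from the original post. It is written in Python rather than ColdFusion, so repeated fields arrive as a list instead of a comma-delimited string; the function names, the loose email and US zip patterns, and the rule used for the zip-labelled slot are assumptions, and the sample submissions are constructed.

```python
import re
from urllib.parse import parse_qs

EMAIL_RE = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")  # loose shape test, not RFC validation
ZIP_RE = re.compile(r"^\d{5}(-\d{4})?$")                 # assumption: US zip codes

def parse_form(body):
    """Decode a urlencoded POST body into {name: [values in form order]}."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {name: [v.strip() for v in values] for name, values in parsed.items()}

def same_email_twice(body):
    """Two inputs named 'email', labelled 'email' and 'alternate email':
    spam when both are filled with the same address."""
    emails = [e.lower() for e in parse_form(body).get("email", [])]
    return len(emails) == 2 and emails[0] != "" and emails[0] == emails[1]

def email_in_zip_slot(body):
    """Second 'email' input is labelled 'zip code'. A human types a zip or
    leaves it blank, so an address in that slot is flagged (assumed rule)."""
    emails = parse_form(body).get("email", [])
    return len(emails) == 2 and bool(EMAIL_RE.match(emails[1]))

def swapped_fields(body):
    """Input named 'email' is labelled 'zip' and the one named 'zip' is
    labelled 'email'. A human follows the labels; a bot follows the names."""
    form = parse_form(body)
    email = form.get("email", [""])[0]
    zip_code = form.get("zip", [""])[0]
    return bool(EMAIL_RE.match(email) or ZIP_RE.match(zip_code))

# Constructed sample submissions (urlencoded bodies as the action page receives them).
SAMPLES = [
    (same_email_twice, "name=Ann&email=ann%40example.org&email=", False),
    (same_email_twice, "name=Bot&email=spam%40spam.com&email=spam%40spam.com", True),
    (email_in_zip_slot, "email=ann%40example.org&email=10001", False),
    (email_in_zip_slot, "email=spam%40spam.com&email=other%40spam.com", True),
    (swapped_fields, "zip=ann%40example.org&email=10001", False),
    (swapped_fields, "zip=10001&email=spam%40spam.com", True),
]

if __name__ == "__main__":
    for check, body, expected in SAMPLES:
        verdict = "spam" if check(body) else "ok"
        print(f"{check.__name__:18} {verdict:5} {body}")
```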

These are simple checks that can defeat many of the spam-bots out there today and they all depend on the difference between how a human and a bot sees a page - something that will always be in our favor.

Comments
I'm not so sure this is a good idea. What if a user is confused and thinks they have to provide an alternate email, but only have one email address? Wouldn't they get flagged as spam? It seems a bit too strict.
# Posted By Raymond Camden | 12/18/07 8:40 PM
If there's an email field with an asterisk next to it saying required and an alternate one without the asterisk then I'm hoping the viewer will have the sense to know that the alternate is not required. If not, a small note next to it saying "not required" may work.
# Posted By Michael Dinowitz | 12/18/07 8:56 PM