WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: I am looking to purchase form code that has spam blockandis accessible.

for

From: Jared Smith
Date: Feb 6, 2009 9:45AM


CAPTCHA is NOT the solution for stopping spam (or arguably anything
else). If you're simply looking to stop spam, you can do so without
burdening the user or influencing accessibility. I wrote about many
techniques for detecting and stopping spam at
http://webaim.org/blog/spam_free_accessible_forms/

We get several hundred and sometimes thousands of spam attempts per
day on the contact form on our site. I've implemented 4 simple
techniques that stop all of it. I get a couple per month - and those
are probably human spammers anyway.

First, I have a short list of 20 bad, spammy words that the message is
checked against. If the bad words are in the e-mail, it shows a
friendly error message and asks them to fix it.

Second, I've added a text box at the bottom of the form that is hidden
with CSS in a way that it does not display and it is not read by
screen readers. In case styles are disabled and the user happens to
see the text box, the label indicates that you should not enter
anything into that text box. Most bots put something into the field
and the message is flagged as spam.

Third, when the page is loaded, I write the current time to the page.
If it takes more than an hour from that time for the form to be
submitted, I throw an error and ask them to try again. Because most
bots don't actually submit the form on your site, but instead capture
the form elements and then re-submit them externally at a later time,
this catches many bots.

Finally, I check the message for some basic patterns of common spam
content. If there are lots of links or urls or if the form contains
code that is commonly used to hack PHP forms ("bcc:", "cc:",
"multipart", or "Content-Type"), I also flag it as spam.

These simple things have no impact on the user and stop 99.9% of spam.
They may be a bit of a pain to implement (I'm happy to send you the
code off-list), but I believe it is should be our burden to deal with
such things and we shouldn't place that burden on the end user in a
way that will always affect accessibility.

Jared Smith
WebAIM