BLOG - EMAIL MARKETING

Stopping Spambots with Two Simple Captcha Alternatives

ROS HODGEKISS - SEP 27, 2012

Update When this post was written back in 2012, it was a simpler time for the internet. Today, spambots are more aggressive and smarter than ever. They come in various forms; sometimes they add obviously fake addresses that quickly bounce, and sometimes they add addresses of real individuals as a sort of harassment.

If you leave your list ‘open’ it’s likely bots will abuse your forms and poison your list. Simple checkboxes and switching your list to confirmed opt-in won’t cut it anymore, but thankfully CAPTCHA has evolved too.

There are many services which offer various kinds of CAPTCHA, some more effectual than others, but today it’s imperative to use some measure to protect your list—and your company’s reputation—from bot abuse.


If you’ve got an email subscribe form on your site, you’ve likely put some thought into how to protect it from spambots and other automated nasties that sign up using bogus information. Sure, you can make your list confirmed/double opt-in or add a captcha, but these aren’t always to everyone’s taste.

But before we go into the specifics of defending your subscriber lists, here’s a little background on what spambots can do. On one end of the scale, they can be merely annoying – you may get a couple of fake subscribers from time to time, no biggie. But on the other, less fortunate end, there’s the possibility of having your forms bombarded, or having spamtrap email addresses added to your lists. We’ve got built-in defenses to protect accounts from both possibilities, but whether you’re building a subscribe form, contact form or an online survey, it’s worth getting wise to home-grown remedies, too.

Captcha

First, I have to tell you that I have a severe dislike of machine-generated image captchas – and I don’t think I’m the only one. For starters, they penalize innocent folks who simply want to fill out a form as quickly as possible. Penalties mean less signups. Really, who wants to give away their personal details, then be forced to complete a task like this?

Top 10 Worst captchas‘, IT Management and Cloud Blog

Ok, so I chose an extreme example there. But the point is, captchas can be hard work, even if you have perfect vision, no history of dyslexia or colorblindness and are fluent in English. For folks with mental and physical traits on the other end of the spectrum, captchas are often impossible to complete.

In short, we don’t recommend that you use a traditional captcha. Instead, here are two friendlier alternatives.

Put a checkbox on it

A common solution to spambot woes is to add a ‘I am not a spambot’ checkbox to forms, which must be checked for the form to be submitted. Called a ‘checkbox captcha’, it uses a checkbox generated using client-side Javascript, thus making it invisible (and uncheckable) to spambots. You can see a good example in this very instructive post on ‘Captchas vs. Spambots‘.

While checkbox captcha is a very elegant solution, the downside is that not all humans have Javascript enabled in their browsers. As a result, it comes with the risk of making subscribe forms unusable for these people.

Hello, honeypot!

Another approach is to use a ‘honeypot captcha’, which works by including a form input that only spambots are tempted to fill in. This checkbox or text field is hidden using CSS, meaning that while most users won’t see it, spambots will. To stop folks with screen readers from falling into the trap, a label like “If you’re human, leave me blank”, or something equally instructive can be added. In a recent post, Paul Boag outlined why it’s his weapon of choice:

Personally, I like this approach, because it doesn’t burden subscribers with extra fields. It’s also easy to implement, doesn’t necessarily require Javascript and allows you to easily identify and weed out dud email addresses. It likely won’t stop all spambots, but it won’t annoy all users like traditional captchas do.

We’d love to hear your story – do you protect your forms using double opt-in, or the methods listed above? Why did you make this choice? Let us know in the comments below.

Straight to your inbox

Get the best email and digital marketing content delivered.

Join 250,000 in-the-know marketers and get the latest marketing tips, tactics, and news right in your inbox.

Subscribe

See why 200,000 companies worldwide love Campaign Monitor.

From Australia to Zimbabwe, and everywhere in between, companies count on Campaign Monitor for email campaigns that boost the bottom line.

Request a demo