Richard Spindler wrote:
I' implemented a very simple captcha, and haven't had a spam entry in my guestbook ever since.
Keep in mind that when you use a image-based captcha, you make part of your site inaccessible to visually impaired users.
For a small-to-medium site, image-based captchas are unnecessary. Instead, you can simply add a text field to the form, and include a line next to it that says "type 1234 in this box to prove you aren't a spammer" (or whatever you choose).
This is much easier to code, accessible to people using text-to-speech software, and just as spam-proof on a small-to-medium site. Spammers only bother writing custom code to handle cases like this if it's worth the hour or two they'd need to spend on it (e.g., if Yahoo adopted this scheme to verify e-mail signups, a spammer would indeed write code to handle it), but no spammer is going to spend any time writing something that can parse this for a guestbook on a site that gets only a few thousand hits per month. (It would be easier for the spammer to simply add the spam manually.)
We provide a trivially modified version of FormMail.pl to our customers that works on such a scheme (<http://support.tigertech.net/formmail#prevent>), and it has 100% solved the problem of automated spambots sending mail to the form's owner.
(For anyone who feels that spammers may use software that can automatically handle "type 1234 in this box", you can easily change the instructions to something that doesn't contain the literal text you're checking for, such as "To prove you're not a spammer, solve the following arithmetic problem: 2 + 6 = [ ]", or "What color is the sky on a clear day?", etc.)
-- Robert L Mathews "The trouble with doing something right the first time is that nobody appreciates how difficult it was."