Reduce spam without hindering usability

If your website lets visitors sign up, join in, or add comments and reviews, then—in addition to the legitimate details you want people to contribute—you’re getting some garbage. Some of this garbage is sent by automated spam-bots.

Plenty of experts recommend methods to avoid spam, but are you thinking about the burden to your site visitors of the spam-avoidance methods you choose, and the resulting cost to you in abandonment and attrition?

Who should pay to ensure your business’ data is clean, or that all the content on your site is relevant? Should it be your business that pays? …Or do you pass the cost to your legitimate site visitors—the readers, members, or customers that you want to serve?

Choose usability … and less spam

Garbage data, or spam, may be a problem for you. But don’t punish your site’s legitimate visitors by making them do your anti-spam work. Many spam-fighting methods burden site visitors with extra tasks—and these tasks can be difficult.

Anti-spam options can present users with difficult tasks

Fortunately, some spam-fighting methods don’t burden your visitors. Here’s a usability assessment* of common anti-spam methods.

Anti-spam method Simple Easy Quick Acces-sible Less spam Total
Do nothing: Don’t automate your spam-fighting. Instead, assess each form and each comment by hand. 4
Spam-filtering service: A third-party service assesses the input and flags likely spam. Read more. ½
Load- and submit time: If a bot fills out the entire form faster than a human could, their data is discarded. Read more. And more. ½
Duration of focus: If a bot fills each box on the form faster than a human could, their data is discarded. Read more. And more. ½
Unique tokens: It can be harder for a bot to get a unique token each time they fill a form. Read more. ½
Admin tasks: Use non-standard names for elements that bots seek out, and rename elements from time to time, to thwart any bots customised to attack your site. Read more. ½
Invisible to humans: If a bot fills in a data-entry box humans can’t see—a honeypot—their data is discarded. Read more. And more. Still more. ½ ½ 4
Invisible to spam-bots: Humans must select an option or enter data in a box that spam-bots cannot see. Read more. ½
Social-media login: Users authenticate by signing in with their social-media account. Read more. ½ ½ ½
Review-details page: Users review an extra page that bots do not analyze. ½
Logic question: Users answer a logic question that requires identifying, moving, or sorting objects. Read more. ½ ½ ½ ½ ½
Live code verification: On the form, users enter a code they receive via text message or automated phone call, which they request while using the form. ½ ½ 2
Saved-code verification: On the form, users enter a code that they received as text, and saved, during a previous session. ½ ½
CAPTCHA™: Users read some text shown in a distorted image, and then type it into a text box. Read more. ½ ½

* This is how the methods were scored:

  • Simple. If the task is readily understood the first time by most people, it gets a ✓ in the Simple column. The first time you encountered a CAPTCHA™, was the task readily understood?
  • Easy. If the task is done correctly most times by most people, it gets a ✓ in the Easy column. How often have you failed to enter the correct CAPTCHA™ text?
  • Quick. If the task is completed quickly by most people, it gets a ✓ in the Quick column.
  • If a method requires the user to switch to another application or device, it loses ½.
  • Accessible. If the task is not a hurdle to users who rely on assistive technology, it gets a ✓ in the Accessible column.
  • If the method adds no task for the user, then it gets a ✓ in each column.
  • A task that can be skipped gets only ½ in each column, because the user must process the information before deciding to skip the task.
  • If a method requires the user to switch to another mode—such as from keyboard to mouse, voice, or paper—it loses ½.
  • If the method adds no task for the user, but requires specific formatting for disabled users who use screen readers, it loses ½.
  • Less spam. If all bots would be blocked, it gets a ✓ in the Less Spam column. In fact, any bot’s code can be rewritten—customised—to bypass fight spam-fighting methods, so each method gets only ½ in this column.
  • Total. The sum of a row’s Simple, Easy, Quick, Accessible, and Less Spam scores.

As you learn of additional spam-fighting methods, you can use the above approach to rate whether the method is Simple, Easy, Quick, and Accessible. Feel free to add columns to rate other attributes that are important to your site-visitor experience. You can also define your own scoring rubric, and then see if you reach the same conclusions.

Surprise conclusion

It’s no surprise that some spam-fighting methods perform poorly for site visitors. But one of the surprises in these ratings is that many spam-fighting methods seem less desirable than doing nothing. For site visitors, half of the spam-fighting methods make the experience of using forms worse for your legitimate visitors—your readers, members, or customers. Have another look at the table, and see how the first row—”Doing nothing”—compares to the other rows, the spam-fighting methods.