Updated Aug 2013: more ratings of anti-spam choices and more links.
If your website lets visitors sign up, join in, add comments, or enter reviews, then—in addition to the legitimate details you want—you’re getting some garbage. Some of this garbage is sent by automated spam-bots.
You can reduce the unwanted entries that your website generates, but consider who pays the price to ensure your business’ data is clean. Does your business pay? …Or do your legitimate site visitors pay?
Choose usability … and less spam
Garbage data may be a problem for you. But don’t punish your site’s legitimate visitors by making them do your anti-spam work. Many spam-fighting choices burden site visitors with extra tasks—and these tasks can be difficult. Fortunately, some spam-fighting choices don’t burden your visitors.
Here’s a usability assessment* of common anti-spam choices.
|Do nothing: Don’t automate your spam-fighting. Instead, assess each form and each comment by hand.||✓||✓||✓||✓||4|
|Spam-filtering service: A third-party service assesses the input and flags likely spam. Read more.||✓||✓||✓||✓||4|
|Load- and submit time: If a bot fills out the entire form faster than a human could, their data is discarded. Read more.||✓||✓||✓||✓||4|
|Duration of focus: If a bot fills each box on the form faster than a human could, their data is discarded. Read more.||✓||✓||✓||✓||4|
|Unique tokens: It can be harder for a bot to get a unique token each time they fill a form. Read more.||✓||✓||✓||✓||4|
|Invisible to humans: If a bot fills in a data-entry box humans can’t see—a honeypot—their data is discarded. Read more. And more. Still more.||✓||✓||✓||½||3½|
|Invisible to spam-bots: Humans must select an option or enter data in a box that spam-bots cannot see. Read more.||✓||✓||✓||½||3½|
|Social-media login: Users authenticate by signing in with their social-media account. Read more.||✓||✓||½||½||3|
|Logic question: Users answer a logic question that requires moving or sorting objects. Read more.||½||✓||✓||2½|
|Review-details page: Users review an extra page that bots do not analyze.||✓||✓||2|
|SMS verification: On the form, users enter a code that they receive via text message.||✓||½||2|
|CAPTCHA™: Users enter the text from a distorted image into a field. Read more.||0|
* This is how the choices were scored:
- Simple. If the task is readily understood the first time by most people, it gets a ✓ in the Simple column. The first time you encountered a CAPTCHA™, was the task readily understood?
- Easy. If the task is done correctly most times by most people, it gets a ✓ in the Easy column. How often have you failed at enter the correct CAPTCHA strong?
- Quick. If the task is completed quickly by most people, it gets a ✓ in the Quick column.
- Accessible. If the task is not a hurdle to users who rely on assistive technology, it gets a ✓ in the Accessible column.
- If the choice adds no task for the user, then it gets a ✓ in each column. (In the table, these rows are shaded.)
- A task that can be skipped gets only ½ in each column, because the user must process the information before deciding to skip the task.
- Total. The sum of a row’s Simple, Easy, Quick, and Accessible scores.
As you encounter more anti-spam choices, you can use the ratings above to assess whether a choice is simple, easy, quick, and accessible. You can also add columns for other measures, as needed.
One of the surprises in this method is how many choices are less desirable—from the perspective of usability—than “Doing nothing.” Have another look at the table, and see how the first choice—”Doing nothing”—compares to the other choices.