If your website lets visitors sign up, join in, or add comments and reviews, then—in addition to the legitimate details you want people to contribute—you’re getting some garbage. Some of this garbage is sent by spam bots.
Spam bots post content that detracts from your website. Spam lowers your site’s perceived quality. Spam posts may include links that pull traffic to competing sites or trick your visitors into a scam. The cost of spam is hard to quantify.
Plenty of experts recommend methods to avoid spam. But in a series of user research studies, I observed that anti-spam measures impose a cost of their own. They can add friction that causes visitor abandonment and attrition. The cost of this is easier to quantify.
Some anti-spam measures impose more pain than others. I decided to assess and compare them.
The goal: less spam and lower excise
My assessment has two drivers:
- no spam, with benefits the site owner and its users,
- no excise—the “tax” that users pay with extra effort.
My assumption is that it needs to be easy for legitimate site visitors—the readers, members, or customers that you want to serve. Sadly, many spam-fighting methods burden site visitors with excise—extra tasks—some of which are difficult to do.
Fortunately, some spam-fighting methods don’t burden your visitors. Here’s a usability assessment of common anti-spam methods.
|Anti-spam method||Simple||Easy||Quick||Acces-sible||Less spam||Total|
|Do nothing: Don’t automate your spam-fighting. Instead, assess each form and each comment by hand to identify spam manually.||1||1||1||1||0||4|
|Re-Captcha reboot: A Google service that considers the user’s entire engagement to identifies 99.8% of bots. Read more.||1||1||1||1||1||5|
|Spam-filtering service: A third-party service assesses the input and flags likely spam. Read more.||1||1||1||1||½||4½|
|Load- and submit time: If a bot fills out the entire form faster than a human could, their data is discarded. Read more. And more.||1||1||1||1||½||4½|
|Duration of focus: If a bot fills each box on the form faster than a human could, their data is discarded. Read more. And more.||1||1||1||1||½||4½|
|Unique tokens: It can be harder for a bot to get a unique token each time they fill a form. Read more.||1||1||1||1||½||4½|
|Admin tasks: Use non-standard names for elements that bots seek out, and rename elements from time to time, to thwart any bots customised to attack your site. Read more.||1||1||1||1||½||4½|
|Invisible to humans: If a bot fills in a data-entry box humans can’t see—a honeypot—their data is discarded. Read more. And more. Still more.||1||1||1||½||½||4|
|Invisible to spam-bots: Humans must select an option or enter data in a box that spam-bots cannot see. Read more.||1||1||1||0||½||3½|
|Social-media login: Users authenticate by signing in with their social-media account. Read more.||1||1||½||½||½||3½|
|Review-details page: Users review an extra page that bots do not analyze.||0||1||0||1||½||2½|
|Logic question: Users answer a logic question that requires identifying, moving, or sorting objects. Read more.||½||½||½||½||½||2½|
|Live code verification: On the form, users enter a code they receive via text message or automated phone call, which they request while using the form.||1||½||0||0||½||2|
|Image-recognition Captcha: Users select multiple images that match the object named in the text instruction. Read more.||0||0||0||½||½||1|
|Captcha bot: Users type a word provided as an audio cue.||0||0||0||½||½||1|
|Saved-code verification: On the form, users enter a code that they received as text, and saved, during a previous session.||0||0||0||0||½||½|
|Text Captcha: Users read some text shown in a distorted image, and then type it into a text box. Read more.||0||0||0||0||½||½|
Here is the scoring rubric:
- Simple. If the task is readily understood the first time by most people, it gets a score of 1 in the Simple column.
- Easy. If the task is done correctly the first time by most people, it gets a score of 1 in the Easy column.
- Quick. If the task duration is short for most people, it gets a score of 1 in the Quick column.
- If a method requires the user to switch to another application or device, it loses ½.
- Accessible. If the task is not a hurdle to users who rely on assistive technology, it gets a scroe of 1 in the Accessible column.
- If the method adds no task for the user, then it gets a score of 1 in each column.
- A task that can be skipped gets only ½ in each column, because the user must process the information before deciding to skip the task.
- If a method requires the user to switch to another mode—such as from keyboard to mouse, voice, or paper—it loses ½.
- If the method adds no task for the user, but requires specific formatting for disabled users who use screen readers, it loses ½.
- Less spam. If all bots would be blocked, it gets a score of 1 in the Less Spam column. A bot’s code can be rewritten—customised—to bypass fight spam-fighting methods, so most methods gets only ½ in this column.
- Total. The sum of a row’s Simple, Easy, Quick, Accessible, and Less Spam scores.
As you learn of additional spam-fighting methods, you can use the above approach to rate whether the method is Simple, Easy, Quick, and Accessible. Feel free to add columns to rate other attributes that are important to your site-visitor experience. You can also define your own scoring rubric, and then see if you reach the same conclusions.
It’s no surprise that some spam-fighting methods perform poorly for site visitors. For me, one of the surprises in these ratings was that some methods are less desirable than doing nothing, since the “do nothing” row scores high.
After you implement an anti-spam method, ask your usability research to check that it adds little to no excise—little to no extra effort for users.