If your website lets visitors sign up, join in, or add comments and reviews, then—in addition to the legitimate details you want people to contribute—you’re getting some garbage. Some of this garbage is sent by spam bots.
Spam bots post content that detracts from your website. Spam lowers your site’s perceived quality. Spam posts may include links that pull traffic to competing sites or trick your visitors into a scam. The cost of spam is hard to quantify.
Plenty of experts recommend methods to avoid spam. But in a series of user research studies, I observed that anti-spam measures impose a cost of their own. They can add friction that causes visitor abandonment and attrition. The cost of this is easier to quantify.
Some anti-spam measures impose more pain than others. I decided to assess and compare them.
The goal: less spam and lower excise
My assessment has two drivers:
- no spam, with benefits the site owner and its users,
- no excise—the “tax” that users pay with extra effort.
My assumption is that it needs to be easy for legitimate site visitors—the readers, members, or customers that you want to serve. Sadly, many spam-fighting methods burden site visitors with excise—extra tasks—some of which are difficult to do.
Fortunately, some spam-fighting methods don’t burden your visitors.
Usability of anti-spam methods
Here’s an assessment of common anti-spam methods.
| Anti-spam method | Attribute | Score |
|---|---|---|
| Do nothing: Don’t automate your spam-fighting. Assess all entries by hand to identify spam. | Simple Easy Quick Accessible Less spam Total | 1 1 1 1 0 4 |
| Re-Captcha reboot: A service that considers the user’s entire engagement. Catches 99.8% of bots. Read more. | Simple Easy Quick Accessible Less spam Total | 1 1 1 1 1 5 |
| Spam-filtering service: A third-party service that assesses the input and flags likely spam. Read more. | Simple Easy Quick Accessible Less spam Total | 1 1 1 1 ½ 4½ |
| Load- and submit time: If a bot fills a whole form inhumanly fast, the data is discarded. Read more. And more. | Simple Easy Quick Accessible Less spam Total | 1 1 1 1 ½ 4½ |
| Duration of focus: If a bot fills each box on a form inhumanly fast, the data is discarded. Read more. And more. | Simple Easy Quick Accessible Less spam Total | 1 1 1 1 ½ 4½ |
| Unique tokens: It’s harder to get a unique token when spam-bots repeatedly fill a form. Read more. | Simple Easy Quick Accessible Less spam Total | 1 1 1 1 ½ 4½ |
| Admin tasks: Give weird names to boxes spam-bots look for, and rename them often. Read more. | Simple Easy Quick Accessible Less spam Total | 1 1 1 1 ½ 4½ |
| Honeypot: A spam-bot will fill a text box in isible to humans. Read more. And more. Still more. | Simple Easy Quick Accessible Less spam Total | 1 1 1 ½ ½ 4 |
| Invisible to spam-bots: Users select an option or enter data in a box that spam-bots can’t see. Read more. | Simple Easy Quick Accessible Less spam Total | 1 1 1 0 ½ 3½ |
| Social-media login: Users sign in to confirm they’re human, not spam-bots. Read more. | Simple Easy Quick Accessible Less spam Total | 1 1 ½ ½ ½ 3½ |
| Review-details page: Users review an extra page of text that spam-bots do not analyze. | Simple Easy Quick Accessible Less spam Total | 0 1 0 1 ½ 2½ |
| Logic question: Users perform a task spam-bots can’t do—moving or sorting certain items. Read more. | Simple Easy Quick Accessible Less spam Total | ½ ½ ½ ½ ½ 2½ |
| Live code: While using the form users agree to be sent a code that they then enter on the form. | Simple Easy Quick Accessible Less spam Total | 1 ½ 0 0 ½ 2 |
| Image-recognition Captcha: Users select images that match the instructions. | Simple Easy Quick Accessible Less spam Total | 0 0 0 ½ ½ 1 |
| Audio Captcha: Users type a word that they hear when the site plays a sound snippet for them. | Simple Easy Quick Accessible Less spam Total | 0 0 0 ½ ½ 1 |
| Saved code: While using a form, users enter a code they got, and saved, in a previous session. | Simple Easy Quick Accessible Less spam Total | 0 0 0 0 ½ ½ |
| Text Captcha: Users read the text in a distorted image, and then type it into a text box. Read more. | Simple Easy Quick Accessible Less spam Total | 0 0 0 0 ½ ½ |
Here is the scoring rubric
Simple
- If the task is readily understood the first time by most people, it gets a score of 1 in the Simple column.
Easy
- If the task is done correctly the first time by most people, it gets a score of 1 in the Easy column.
Quick
- If the task duration is short for most people, it gets a score of 1 in the Quick column.
- If a method requires the user to switch to another application or device, it loses ½.
Accessible
- If the task is not a hurdle to users who rely on assistive technology, it gets a score of 1 in the Accessible column.
- If the method adds no task for the user, then it gets a score of 1 in each column.
- A task that can be skipped gets only ½ in each column, because the user must process the information before deciding to skip the task.
- If a method requires the user to switch to another mode—such as from keyboard to mouse, voice, or paper—it loses ½.
- If the method adds no task for the user, but requires specific formatting for disabled users who use screen readers, it loses ½.
Less spam
- If all bots would be blocked, it gets a score of 1 in the Less Spam column. A bot’s code can be rewritten—customised—to bypass fight spam-fighting methods, so most methods gets only ½ in this column.
Total
- The sum of a row’s Simple, Easy, Quick, Accessible, and Less Spam scores.
As you learn of additional spam-fighting methods, you can use the above approach to rate whether the method is Simple, Easy, Quick, and Accessible. Feel free to add columns to rate other attributes that are important to your site-visitor experience. You can also define your own scoring rubric, and then see if you reach the same conclusions.
Surprise conclusion
It’s no surprise that some spam-fighting methods perform poorly for site visitors. For me, one of the surprises in these ratings was that some methods are less desirable than doing nothing, since the “do nothing” row scores high.
After you implement an anti-spam method, ask your usability research to check that it adds little to no excise—little to no extra effort for users.