Reduce spam without hindering usability

If your website lets visitors sign up, join in, or add comments and reviews, then—in addition to the legitimate details you want people to contribute—you’re getting some garbage. Some of this garbage is sent by spam bots.

Spam bots post content that detracts from your website. Spam lowers your site’s perceived quality. Spam posts may include links that pull traffic to competing sites or trick your visitors into a scam. The cost of spam is hard to quantify.

Plenty of experts recommend methods to avoid spam. But in a series of user research studies, I observed that anti-spam measures impose a cost of their own. They can add friction that causes visitor abandonment and attrition. The cost of this is easier to quantify.

Some anti-spam measures impose more pain than others. I decided to assess and compare them.

The goal: less spam and lower excise

My assessment has two drivers:

  • no spam, with benefits the site owner and its users,
  • no excise—the “tax” that users pay with extra effort.

My assumption is that it needs to be easy for legitimate site visitors—the readers, members, or customers that you want to serve. Sadly, many spam-fighting methods burden site visitors with excise—extra tasks—some of which are difficult to do.

Anti-spam options can present users with difficult tasks

Fortunately, some spam-fighting methods don’t burden your visitors.

Usability of anti-spam methods

Here’s an assessment of common anti-spam methods.

Anti-spam methodAttributeScore
Do nothing: Don’t automate your spam-fighting. Assess all entries by hand to identify spam.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
1
0
4
Re-Captcha reboot: A service that considers the user’s entire engagement. Catches 99.8% of bots. Read more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
1
1
5
Spam-filtering service: A third-party service that assesses the input and flags likely spam. Read more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
1
½
Load- and submit time: If a bot fills a whole form inhumanly fast, the data is discarded. Read more. And more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
1
½
Duration of focus: If a bot fills each box on a form inhumanly fast, the data is discarded. Read more. And more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
1
½
Unique tokens: It’s harder to get a unique token when spam-bots repeatedly fill a form. Read more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
1
½
Admin tasks: Give weird names to boxes spam-bots look for, and rename them often. Read more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
1
½
Honeypot: A spam-bot will fill a text box in isible to humans. Read more. And more. Still more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
½
½
4
Invisible to spam-bots: Users select an option or enter data in a box that spam-bots can’t see. Read more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
1
0
½
Social-media login: Users sign in to confirm they’re human, not spam-bots. Read more.Simple
Easy
Quick
Accessible
Less spam
Total
1
1
½
½
½
Review-details page: Users review an extra page of text that spam-bots do not analyze.Simple
Easy
Quick
Accessible
Less spam
Total
0
1
0
1
½
Logic question: Users perform a task spam-bots can’t do—moving or sorting certain items. Read more.Simple
Easy
Quick
Accessible
Less spam
Total
½
½
½
½
½
Live code: While using the form users agree to be sent a code that they then enter on the form.Simple
Easy
Quick
Accessible
Less spam
Total
1
½
0
0
½
2
Image-recognition Captcha: Users select images that match the instructions.Simple
Easy
Quick
Accessible
Less spam
Total
0
0
0
½
½
1
Audio Captcha: Users type a word that they hear when the site plays a sound snippet for them.Simple
Easy
Quick
Accessible
Less spam
Total
0
0
0
½
½
1
Saved code: While using a form, users enter a code they got, and saved, in a previous session.Simple
Easy
Quick
Accessible
Less spam
Total
0
0
0
0
½
½
Text Captcha: Users read the text in a distorted image, and then type it into a text box. Read more.Simple
Easy
Quick
Accessible
Less spam
Total
0
0
0
0
½
½
A comparison of common anti-spam measures.

Here is the scoring rubric

Simple

  • If the task is readily understood the first time by most people, it gets a score of 1 in the Simple column.

Easy

  • If the task is done correctly the first time by most people, it gets a score of 1 in the Easy column.

Quick

  • If the task duration is short for most people, it gets a score of 1 in the Quick column.
  • If a method requires the user to switch to another application or device, it loses ½.

Accessible

  • If the task is not a hurdle to users who rely on assistive technology, it gets a score of 1 in the Accessible column.
  • If the method adds no task for the user, then it gets a score of 1 in each column.
  • A task that can be skipped gets only ½ in each column, because the user must process the information before deciding to skip the task.
  • If a method requires the user to switch to another mode—such as from keyboard to mouse, voice, or paper—it loses ½.
  • If the method adds no task for the user, but requires specific formatting for disabled users who use screen readers, it loses ½.

Less spam

  • If all bots would be blocked, it gets a score of 1 in the Less Spam column. A bot’s code can be rewritten—customised—to bypass fight spam-fighting methods, so most methods gets only ½ in this column.

Total

  • The sum of a row’s Simple, Easy, Quick, Accessible, and Less Spam scores.

As you learn of additional spam-fighting methods, you can use the above approach to rate whether the method is Simple, Easy, Quick, and Accessible. Feel free to add columns to rate other attributes that are important to your site-visitor experience. You can also define your own scoring rubric, and then see if you reach the same conclusions.

Surprise conclusion

It’s no surprise that some spam-fighting methods perform poorly for site visitors. For me, one of the surprises in these ratings was that some methods are less desirable than doing nothing, since the “do nothing” row scores high.

After you implement an anti-spam method, ask your usability research to check that it adds little to no excise—little to no extra effort for users.