If you’ve got a form on your site, you’re likely to receive spam. And since spam has existed, so have methods of preventing it. Last year, Google took the unusual step of creating a CAPTCHA free method of sorting the bots from the humans, creating a much smoother user experience.
But before we get into the cutting edge of spam-busting, let’s take a quick look at the evolution of CAPTCHA and the science behind it.
CAPTCHA stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart”. You can see why they gave it an acronym.
Essentially, the CAPTCHA was developed in the early 2000s as a way of telling whether someone was a human or robot - a sort of Turing Test. The test wasn’t completely automated – us humans had to attempt to decipher some warped text - illegible to computers - and hope we got it right. It did the job.
And with so many internet users completing these tests every day, Google saw an opportunity for something more. After purchasing CAPTCHA in 2009 it became reCAPTCHA and we were put to work decoding old pieces of literature, whether we realised it or not.
Unfortunately, the free transcription service wasn’t to last. A 2014 study by Google found that AI robots were able to decode the CAPTCHAs with 99.8% accuracy, and numbers in images with 90%. A new method of filtering had to be found.
Fortunately, Google found a solution – a simple box.
Although this box may look simple, there is a very sophisticated process behind it. Google’s risk analysis engine works away in the background running its own Turing Test based on how the user is behaving throughout their interactions on the site.
Of course, there will be times when the engine isn’t too sure, and the user will be prompted to complete an activity to confirm their human status:
The Next Stage
Despite making it even easier for us to complete verification processes, developers are constantly looking for ways of making it smoother. Step forward “The Honeypot” method.
The Honeypot technique both makes things easier for your users, while providing an effective method of catching those pesky spambots.
So how does it work?
Well, we know bots love forms, and will fill out every field they find. We also know humans will fill out any field, as long as they can see it. So what if we created some invisible fields that could only be filled in by spambots?
By making the verification process invisible, humans aren’t bothered by it at all, and you can feel reassured that those spambots are willing giving themselves up – especially when combined with Google’s already impressive risk analysis engine.
What’s the CApTCHa?
With a more sophisticated spam catcher comes more complex development. There are some great tutorials online detailing how to set it up, so it’s worth investing in.
The key thing to watch out for is ensuring your users can still use autocomplete, without being flagged as a robot.
Unfortunately, this isn’t always possible, but by combining the two methods, you should be able to create a sleek process, that catches as many bots as possible.