How to do without captcha?
Unfortunately, many sites use captcha without any special need. Although you can overcome spam in ways that are invisible to the user. Especially, captcha is painful to see on small commercial sites in the form of feedback, since captcha noticeably reduces the conversion of such sites. For large sites that may specifically spam, such methods are not applicable. However, in most cases, captcha can be dispensed with.
The main reason for the abundance of captcha is that developers without hesitation take an example from popular services when developing small sites and do not understand why forms are spammed.
In most cases, forms are not spammed to send an advertising message to the owner. Advertising is much easier to send via email database. The forms are spammed to get links to the site and this site was ranked higher in search engines. Typically, this way links get to doorways - automatically generated sites. A spammer cannot distinguish the feedback form from the form of comments or messages in the guest book - therefore, it spam everything. Form spammers are not ordinary spammers, but door-keepers for another purpose.
If there is a telephone field in the form and it is mandatory, then a simple check: “the number of digits in the phone is more than 4” will reduce spam by several orders of magnitude. Even if the field name is phone. Doors need spamming feedback forms; therefore, their spammers rarely distinguish this field, but simply fill it with all sorts of nonsense. By itself, this check will reduce the number of spam to 2-3 messages per month. Changing the field name will reduce spam even more, however, it will disable the browser auto-completion feature.
In most cases, this method is sufficient for the feedback form.
If we add a normal input field and hide it through CSS, then users will not fill it (since they do not see it), but the spam file will fill this field.
Many spammer robots do not support cookies and you can simply save some cookies when loading and check for cookies after submitting the form. However, some users may have cookies disabled. If they are missing, you need to request a password separately after submitting the form.
On the other hand, some spamiloks support cookies. But it is not necessary to transfer cookies on the page with the form, you can download the IFrame invisible to the user and transfer the cookie in it. Even fewer spamilocks load frames. This method is implemented on wordstat.yandex.ru - if you turn off cookies, he will ask you for captcha.
You can try to download cookies through the picture, even if the spammer uses the browser as an engine, then in most cases it does not load pictures. However, I am confused that Yandex organized this business through IFrame. True, the fact may be that when Wordstat was written, many users turned off pictures due to the slow channel.
Most spam files do not run JS, especially from external files. You can make an invisible field and add some code through JS from an external file to it. If the user has JS disabled, he will have to enter captcha.
The main reason for the abundance of captcha is that developers without hesitation take an example from popular services when developing small sites and do not understand why forms are spammed.
Why spam?
In most cases, forms are not spammed to send an advertising message to the owner. Advertising is much easier to send via email database. The forms are spammed to get links to the site and this site was ranked higher in search engines. Typically, this way links get to doorways - automatically generated sites. A spammer cannot distinguish the feedback form from the form of comments or messages in the guest book - therefore, it spam everything. Form spammers are not ordinary spammers, but door-keepers for another purpose.
Phone contains more than 3 digits
If there is a telephone field in the form and it is mandatory, then a simple check: “the number of digits in the phone is more than 4” will reduce spam by several orders of magnitude. Even if the field name is phone. Doors need spamming feedback forms; therefore, their spammers rarely distinguish this field, but simply fill it with all sorts of nonsense. By itself, this check will reduce the number of spam to 2-3 messages per month. Changing the field name will reduce spam even more, however, it will disable the browser auto-completion feature.
In most cases, this method is sufficient for the feedback form.
Invisible field
If we add a normal input field and hide it through CSS, then users will not fill it (since they do not see it), but the spam file will fill this field.
Cookie verification
Many spammer robots do not support cookies and you can simply save some cookies when loading and check for cookies after submitting the form. However, some users may have cookies disabled. If they are missing, you need to request a password separately after submitting the form.
On the other hand, some spamiloks support cookies. But it is not necessary to transfer cookies on the page with the form, you can download the IFrame invisible to the user and transfer the cookie in it. Even fewer spamilocks load frames. This method is implemented on wordstat.yandex.ru - if you turn off cookies, he will ask you for captcha.
You can try to download cookies through the picture, even if the spammer uses the browser as an engine, then in most cases it does not load pictures. However, I am confused that Yandex organized this business through IFrame. True, the fact may be that when Wordstat was written, many users turned off pictures due to the slow channel.
JS Verification
Most spam files do not run JS, especially from external files. You can make an invisible field and add some code through JS from an external file to it. If the user has JS disabled, he will have to enter captcha.