Skip to main content Accessibility statement Sitemap

Preventing spam in Web forms without CAPTCHAs

Published: 7th July 2009

Author: Andrew Hart

No one likes spam in their inbox and there are many weapons to combat spammers from abusing the forms (such as a feedback form) that you have on your website.

The most critical aspect that is often overlooked is preventing spam whilst not losing genuine communication from your users.


example of a CAPTCHA image used to prevent spam

Many Web masters turn to the well known CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) method without carefully considering the implications.

CAPTCHAs are visual challenges, defeating most spam bots but at the same time they can also defeat humans:

'Normal' users can have difficulty reading the text
There are many people with good vision who have reported an inability to read the text from the CAPTCHA images.
Accessibility is often ignored
Users with poor vision often rely on assistive technologies to read the screen for them. Giving them a visual challenge actively creates a barrier to them being able to use Web forms. There are audio alternatives to CAPTCHA images but these are often even harder to interpret than the images as the 'background noise' used to disguise the text from bots also confuses users.
Just because someone can translate a CAPTCHA image does not mean they are going to be willing to do so. The basic rule of the Web is to make your site as easy to use for your visitors as possible. CAPTCHA technology does not fulfil this requirement.

Using a challenge (such as a CAPTCHA) will not only prevent bots but they will also cause the number of genuine submissions of your form to drop.

Is CAPTCHA actually secure?

Most people looking at the CAPTCHA debate don't even consider: "does CAPTCHA deliver the level of security that you think it is?".

The simple answer is: no!

The longer CAPTCHA has been around, and the more popular it has become, the more hackers have focused on bypassing its security. See the case study in "further reading" at the end of this article.

Alternatives to CAPTCHA

You still need to prevent spam, but there is no need to place the work-load on your visitors.

Adding spam watching methods to your web form causes no additional work for your visitors but still cause spam bots headaches:

  • Watching for key-words or commonly 'injected' spam code
  • Including a visually hidden field that entices only bots to complete it
  • Validating form values to ensure they are what you expect to see.

All these need to be implemented with care so as not to cause 'false-positives' which label genuine submissions as spam, or cause any usability issues.

Whilst preventing suspected spam submissions you should always consider the occasional genuine visitor who will trigger one of your spam protection rules. Don't simply send them to a nasty error message - redirect them to a page that can help them resolve the issue. You do not want to alienate visitors after all.


Spam is a problem and it does need to be tackled, but forcing your visitors to jump through hoops is not the right way to tackle it.

Do not rule out CAPTCHA as a method. Whilst I have detailed problems with using this method, there are situations and scenarios where it is still valuable if implemented carefully.

Before you allow your webmaster to create any barriers on your website first consider the real business implications:

  • Does the solution cause any additional work for the user?
  • Is it accessible?
  • Does it trap too little/too much?
  • Is there a fail-safe should a genuine user trigger a spam trap?

Getting the balance between spam prevention and usability right is crucial: dealing with a little bit of spam makes far more commercial sense than losing genuine business!

At Simius Web we can help you to find the best spam prevention for your website, Why not give us a call today?

Further reading

If you are interested in learning more on the impact of CAPTCHA on your business we recommend reading: CAPTCHAs' Effect on Conversion Rates by Casey from GR Web Designs.

For a more indepth look at CAPTCHAs impact on accessibility (including actual working code samples!) I highly recommend reading Spam-free accessible forms by WebAIMs Jared Smith.

Check out how secure CAPTCHA really is with this List of Resources: Breaking CAPTCHA by Karl Groves