Does Your Website Need Some CAPTCHA?

Many Business website owners have faced this problem: They want to provide a function on their site for visitor’s to send feedback to them without opening the floodgates to spammers.

Posting your email address on your website is generally an invitation for spam. Automated programs better known as “bots” will eventually scan your website and parse out your email address from the rest of the source code and use it for purposes other than what you intended.

There are various tricks and techniques to “cloak” your email address so that these bots do not easily find it. One method I’ve used is to include Javascript in my webpage that pieces together the email address when the page is displayed to the user. With this method there is not a valid email address in the page source itself. It seems to work fairly well, but some “junk mail” does still make it thru.

Another technique is to not post your email address at all on your website, but rather provide a “Feedback” or “Guestbook” type form where visitors can enter comments and then submit using the website form. This keeps the email address off the website completely by making use of a server side script which is activated when the visitor submits the form. Generally this script then formats an email message and sends it to the website owner using an email program on the server itself. The actual email address is encoded in the script or a database and is not available to outside visitors.

These feedback type forms help, but it is still possible to automate the entry of these forms, with the resulting “spam” being received. It does raise the bar, so to speak, in making it more difficult to automate but not impossible.

A better option to use along with these website forms is CAPTCHA. You’ve probably seen this in use on large websites with user signup pages. Before submitting the form, the user is required to read some distorted letters on the screen and enter them as verification. The idea is that the distorted letters or characters cannot be interpreted by computer programs so that the web form being submitted is automatically validated as originating from a human being rather than some automated program.

CAPTCHA is actually an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. The term is trademarked by Carnegie Mellon University and was started in 2000, so it’s not been around too long. In reality a CAPTCHA is a program that can generate and grade different kinds of tests that most humans can pass, but computer programs can not pass. The most common one known is the distorted letters and numbers test. A CAPTCHA must be fully automated without any user intervention, which makes it a reasonable option for website owners.

Adding a CAPTCHA program to your site helps provide a reliable method to validate that the information being submitted is from a real, live human and not from some automated program. The use of CAPTCHA is becoming more widespread and is not just on the major websites any longer. A lot of site integration examples can be found in the common website programming languages.

Some good resources to get started with CAPTCHA can be found at:

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.