(Originally published October 2008.)

I’m a web developer. The site tagline probably makes that clear. So, I’ve come across numerous situations where spam is a problem. Yet I refuse to use CAPTCHAs to prevent spam. Even as the owner of a site with absolutely no spam filtering at all, I’d sooner write a 10,000 line spam filter than a 100 line CAPTCHA.

Why? Because spam should not be the user’s problem. By using a CAPTCHA you are doing just that, making a spam problem on your site into something which is somehow the user’s fault. That has never seemed right to me. A better solution is just a spam filter.

Looking across all my sites, I can see that at least 90% of all spam is composed of at least half hyperlinks. It should be quite simple to filter out comments with such a low text-to-linked-text ratio. Further, a majority of them try to use both html hyperlinks and some sort of forum markup (in the form of [url=http://somesite.com]spam text[/url]). You can reduce the spam on your site by at least 50% by taking those few simple steps with no additional burden to the user.

For contact forms, just have it send the email to a Gmail account. Gmail has what I can only consider to be the best spam filter ever. I have had my tylermenezes@gmail.com address since 2003 or 2004, and I’ve posted the address in plain-text nearly everywhere on the web. Only one piece of spam has ever hit my inbox; only two legitimate emails have ever hit the spam folder. Just take advantage of the work done by Google and you’ll save yourself and your visitors some time.

This goes for the email obfusification techniques, too. Posting your email in the tylermenezes [at] gmail [dot] comform does not make it any harder to read. In fact, have a look at this Google search. If I wanted to send spam to people, there’s a really easy way to get 8 million addresses. On the other hand, if you try to search for regular addresses, Google won’t give you anything. Saving it in an image is bad, too. It makes it even harder to put in a “To” field (I can’t copy and paste anymore!) and how hard do you really think it is to do ocr on those?

Especially if you’re a business, don’t make it harder for people to contact you. It’s just stupid.