The honeypot spam filter technique is a workaround for reCAPTCHA, an option that can be annoying to users and degrade the user experience.
With the honeypot method, on the other hand, users will not even notice its existence.
I did a project for a client who was being bombarded by spam; I mean tens of spam messages every hour. My assignment was to ensure that only legit emails made their way into his inbox.
On my first attempt, I added a honeypot field as shown in the screenshot below.
Note that the bot above indiscriminately populates all fields, which makes it easier to 'arrest it'. It easily fell for the 'business' honeypot.
However, there are some selective spam bots, as shown in the shot below. These spam bots only populate the common fields but ignore the uncommon fields.
I made an important discovery. Most, in fact all, of the spam bots populate the 'name' and 'email' fields.
I therefore used the field 'name' as the honeypot, and guess what? I managed to filter out all the spam messages so far, those generated by bots of course. Though I have not encountered it yet, human spam can easily bypass the honeypot technique.
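The server-side check behind this approach can be sketched as follows. This is an added example, not code from the original post: the visible name input is renamed to the hypothetical `contact_person`, the hidden inputs `name` and `business` are the traps, and the POST bodies are constructed samples of a person, a fill-everything bot and a selective bot.

```python
from urllib.parse import parse_qs

# Constructed form (assumption): people see "contact_person", "email" and
# "message"; the inputs named "name" and "business" are moved off-screen.
FORM_HTML = """
<form method="post" action="/contact">
  <input name="contact_person" placeholder="Your name">
  <input name="email" type="email" placeholder="Your email">
  <textarea name="message"></textarea>
  <input name="name" class="hp" tabindex="-1" autocomplete="off">
  <input name="business" class="hp" tabindex="-1" autocomplete="off">
</form>
<style>.hp { position: absolute; left: -9999px; }</style>
"""


def honeypot_tripped(body: str, trap_field: str) -> bool:
    """True if the urlencoded POST body carries a non-blank trap field."""
    fields = parse_qs(body, keep_blank_values=True)
    # An absent or whitespace-only trap field counts as untouched.
    return any(value.strip() for value in fields.get(trap_field, []))


def filter_submissions(bodies, trap_field):
    """Keep only the submissions that left the trap field empty."""
    return [b for b in bodies if not honeypot_tripped(b, trap_field)]


# Constructed sample POST bodies.
HUMAN = ("contact_person=Ann+Lee&email=ann%40example.com"
         "&message=Quote+please&name=&business=")
FILL_ALL_BOT = ("contact_person=x&email=a%40spam.test&message=buy"
                "&name=Bob&business=SEO+Ltd")
SELECTIVE_BOT = "name=Bob&email=b%40spam.test&message=buy+now"
SAMPLES = [HUMAN, FILL_ALL_BOT, SELECTIVE_BOT]

if __name__ == "__main__":
    for trap in ("business", "name"):
        kept = filter_submissions(SAMPLES, trap)
        print(f"trap={trap!r}: kept {len(kept)} of {len(SAMPLES)}")
```

With `business` as the trap the selective bot gets through, while with `name` as the trap only the human submission is kept.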
What are your views? Please leave a comment below.