Spam: How You Can Fight It
Spam is a real nuisance for anyone with a website and while it used to be that spam would only affect the big websites, nowadays it targets any website regardless of size.
There are many anti-spam measures in place but they always present the same challenge: How can I reduce spam without compromising the user experience?
Although anti-spam techniques have become more advanced and continue to evolve, the spam keeps pace, making it a constant battle. If you use too many anti-spam measures on your site your user experience will be poor, navigation and interaction will be hard and it will ultimately drive visitors away. It is essential that you decide on what the level of trade-off you can accept between your UX and anti-spam techniques.
Here are some of the best anti-spam techniques available:
Cross Site Request Forgery Protection
This is a staple in the war against spam; CSRF protection means that you can stop most of the automated spam by storing a unique ID for a user in the PHP session. This is placed as a hidden field in a submission form. Once the customer completes it the server can make sure that the customer ID matches the one contained in the form.
The Honeypot
This reveals spam by luring a spam-bot into a ‘honeypot’. This is a code trap that works by using a unique field in an HTML form which a human cannot see but a script can. If the bot is programmed to fill in any field it will do so, giving it away as a spam-bot. The problem is that some of the more advanced spam-bots can detect these honeypot traps. In addition, users with outdated browsers or no CSS enabled will show the hidden field. These genuine users will complete the form and be misidentified as spam-bots. However, this is quite rare.
Session Tokens
session token can be set when a customer visits your site by using cookies. Most bots will arrive at the form pages and don’t set cookies meaning that only human visitors would be able to enter and fill in the forms. Of course, it could be that users who land directly on the form page will have no token and be unable to fill out the forms. To avoid this a company should monitor the behavior of visitors as this will affect the type and location of forms on the site.
IP Address Filter
This is a very user-friendly option that identifies spam-bots when a number of submissions come from the same IP address. However, it will only pick them up after they have been on the site a few times. This works well with spikes of activity but not well on random or continuous spamming. Again, the suitability of this method ultimately depends on the sort of traffic your site receives.
These are just a few of the ways that a website can combat spam and each has its benefits and disadvantages. There is no one-size-fits-all solution to the spam problem and it may be that seeking out expert advice and combining a few solutions would be the best scenario for your organization.
If you’re looking for a company that provides database design and maintenance services and other software development services contact us.
