lime icon

Phosphorus and Lime

A Developer's Broadsheet

This blog has been deprecated. Please visit my new blog at klenwell.com/press.
Spam Control: On the Value of CAPTCHA
A slashdot article today on the nuisance of CAPTCHA -- some interesting comments. My contribution to the discourse:

I found this post by Dr. Dave, maker of Spam Karma for Word Press, on the State of Spam interesting reading:

http://unknowngenius.com/blog/archives/2006/01/30/ the-state-of-spam-karma/ [unknowngenius.com]

My interest in CAPTCHA relates directly to comment spam so I may be overly narrowing the problem. I had a couple ideas that I plan to implement at some point for dealing with this outside of CAPTCHA:

1. Require poster to give email address (as with most registration systems). Post comment for a limited period of time (say 15 min), but then have it expire if not verified by clicking link emailed to poster. (Impose a 1-3 comment per session max on posters and periodically purge database of unverified comments.)

2. When posting a comment, run a js script that imposes a 1 second delay of some sort on poster -- to thwart automated attacks. Is there a way to do this effectively? Any implemetations of an idea like this?

Most effective systems I've seen use a layered approach, so these could be layers in a system that also uses CAPTCHA situationally as well.

To my thinking, the problem is not so much coming up with a system that discrimination human problem-solving from computer but rather to come up with one that imposes costs unacceptable to automated spam-bots but acceptable to well-intentioned humans.

Do you think these would be of any use?


link