Form Spam And Captcha

Coined in 2000 by a teams from the Carnegie Mellon University, the CAPTCHA, or Completely Automated Public Turing test to tell Computers and Humans Apart was designed as a challenge-response test that was intended to be easy enough for any human to solve, but obscure enough that computers and automated programs would be unable to do so.

Captcha is available free of charge from a variety of providers, including Google, (their version is called reCAPTCHA) and its main function is to prevent automated “bots” from creating accounts, posting comments, submitting forms, and similar spam-like activities online.

And it worked fairly well for quite a while.

Bypassing The Captcha System

It still works fairly well actually. The principle is sound, afterall. But of course, as is usual when somebody sets up an impediment to something that somebody else wants to do, people tend to work at finding ways around it, and that is exactly what’s happening with the Captcha system.

And it seems that most of that bypassing is being done, not by smart computer programmes, but by labour intensive human work.

There are several systems out there that allow you to purchase the solutions to Captcha questions in real time, so real people are out there solving Captcha’s on behalf of spamming programmes and people, so you can get spam in your form submissions.

All you need to do is pay the service, (around $1 for 1,000 Captcha’s) and they’ll submit your spam forms for you, circumventing the fact that computers can’t automatically submit spam because of these little challenges.

If you’d like to see exactly how it’s being done, read this great article on Breaking CAPTCHA with automated humans.

In Summary

In summary, it doesn’t look like there is any foolproof way of preventing your forms from being spammed. No matter what we do, we can’t get around people being able to do this, unless we want to prevent anybody from being able to complete an online form. And that means that you’ll need to accept that spam is an undeniable part of having an online presence.

One day there will be a new method to prevent it, and not long after that, some enterprising person will figure out how to beat that too.