We've been talking today in #FGIJ about my post a couple days ago on web-spam. We've basically been trying to come up with some good ideas for fighting it. Tabke has also commented about it on his site.
After all of our conversations, you know what I've come away with? I've realized the following two things:
- #1: Most anti-spam solutions are equally valid.
- #2: I'm coming at this problem all wrong. The question we've been trying to answer is "which anti-spam scheme should I use to fight spam?". But the better question is "why am I not just using them all?"
See, just about any good solution (and by "good solution" I mean something that tests for intelligence while at the same time isn't too obtrusive to the average user on your site) is vulnerable to automated attack. If you use traditional image CAPTCHAs (like what I'm currently using on my site) you are vulnerable to OCR-style attacks. If you use mathematical CAPTCHAs (which the Drupal plugin I use also offers) or other types of logic CAPTCHAs, spambots can still easily figure them out with a bit of clever engineering on the spambot author's part. Everything is vulnerable from animated image CAPTCHAs to ASCII CAPTCHas to hidden CSS honeypots to clever javascripting to hashcash and everything in between.
As soon as you accept the simple fact that everything is vulnerable a feeling of helplessness can set in.
However, never fear, there is still a solution.... and that solution is a good one.
Ladies and germs, I present to you, the RAPTCHA!
