How to stop automated bots using forms to send Spam
HIPs are used to differentiate between humans and machines. Four HIPs are outlined below, with examples. The example forms do not send any data to anywhere.
If the spammer is an automated bot it is possible to exclude them using a captcha device on the form - but this should be validated using server side scripting. A human spammer will easily overcome defences of this type, so validation has to go further to check for hyperlinks in the other fields. However, there are some bots that can
The "captcha" is usually implemented as an image with distorted characters, and the user is asked to type those characters into a form field. Validation checks the result and deals with the form accordingly.
An example of a form using a simple captcha is at captcha.aspx. See wikipedia.org/wiki/Captcha for more information.
Other measures can take the form of a simple question, such "What colour is a blue sky?" The validation will check for "blue" as the answer, allowing for upper and lower case.
See Random Questions for an example. This page uses asp to set a random question, and checks the response.
Using hidden fields can also defeat spammers. Add a <div> to the form and style it to be hidden. If the automatic bot fills in these fields, then reject the form. A human form-filler would not know these fields exist, unless their browser has CSS disabled.
See hidden fields for an example.
The Asirra (Animal Species Image Recognition for Restricting Access) method uses pictures of animals to determine whether the form-filler is human or machine. See Asirra (at Microsoft.com) for more information, and Assira is an example.