Many Business website owners have faced this problem: They want to provide a
function on their site for visitor’s to send feedback to them without opening
the floodgates to spammers.
Posting your email address on your website is generally an invitation for spam.
Automated programs better known as “bots” will eventually scan your website and
parse out your email address from the rest of the source code and use it for
purposes other than what you intended.
There are various tricks and techniques to “cloak” your email address so that
these bots do not easily find it. One method I’ve used is to include Javascript
in my webpage that pieces together the email address when the page is displayed
to the user. With this method there is not a valid email address in the page
source itself. It seems to work fairly well, but some “junk mail” does still
make it thru.
Another technique is to not post your email address at all on your website, but
rather provide a “Feedback” or “Guestbook” type form where visitors can enter
comments and then submit using the website form. This keeps the email address
off the website completely by making use of a server side script which is
activated when the visitor submits the form. Generally this script then formats
an email message and sends it to the website owner using an email program on
the server itself. The actual email address is encoded in the script or a
database and is not available to outside visitors.
These feedback type forms help, but it is still possible to automate the entry
of these forms, with the resulting “spam” being received. It does raise the
bar, so to speak, in making it more difficult to automate but not impossible.
A better option to use along with these website forms is CAPTCHA. You’ve
probably seen this in use on large websites with user signup pages. Before
submitting the form, the user is required to read some distorted letters on the
screen and enter them as verification. The idea is that the distorted letters
or characters cannot be interpreted by computer programs so that the web form
being submitted is automatically validated as originating from a human being
rather than some automated program.
CAPTCHA is actually an acronym for "Completely Automated Public Turing test to
tell Computers and Humans Apart". The term is trademarked by Carnegie Mellon
University and was started in 2000, so it’s not been around too long. In
reality a CAPTCHA is a program that can generate and grade different kinds of
tests that most humans can pass, but computer programs can not pass. The most
common one known is the distorted letters and numbers test. A CAPTCHA must be
fully automated without any user intervention, which makes it a reasonable
option for website owners.
Adding a CAPTCHA program to your site helps provide a reliable method to
validate that the information being submitted is from a real, live human and
not from some automated program. The use of CAPTCHA is becoming more widespread
and is not just on the major websites any longer. A lot of site integration
examples can be found in the common website programming languages.