Anti-spam Honeypots And Other Captcha Alternatives To Hunt Down Spambots

“Are you a human?”

“Prove it.”

“Please type the following text.”

As website visitors, we’ve all seen these forms of security measures. They’re called Captcha, which is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. Captchas are used as a security measure to protect websites from spam and abuse.

The general problem with Captchas is that they make things complex for humans as well. Let’s face it: We all hate Captchas, don’t we? There’s nothing more annoying than trying to post a comment on a blog and then having to decipher some squiggly letters and numbers.

Two easy ways for a better anti-spam strategy 

In fact, it is also a challenge for web developers to create forms that are both user-friendly and secure. It is true that one of the most widely used methods to prevent spam submissions is Captcha. But with the ever-increasing sophistication of spam bots, we have to find new ways to protect our forms.

In this article we’ll explore two other methods, honeypots and timed submissions, which are more secure, accessible and user-friendly than Captchas.

Our favorite is the anti-spam honeypot

What is a honeypot?

A honeypot is a hidden field in your form that should not be filled out by humans (and should be empty when submitted), but will be automatically filled out by bots and then used to identify spam. The theory is simple: If the honeypot field contains data, it must be a bot — and if it’s a bot, we can ignore its submission.

How to implement a honeypot

Here are two ways you can implement a simple honeypot:

1. Add an empty input field to your web form. This is the honeypot field; this is the one that only bots can see. You should hide it from human visitors with CSS or JavaScript. Human visitors should not even know that it exists.

Here’s an example:

<input type="text" name="name" /> <!-- human-readable field -->

<input type="text" name="hp" class="hp" /> <!-- hidden field for spam bots -->

Here is the CSS to hide the field:

.hp {
        opacity: 0;
        position: absolute;
        top: 0;
        left: 0;
        height: 0;
        width: 0;
        z-index: -1;
}


2. Give the honeypot field a name like email_address or homepage_url. These are spammy names to give fields because no legitimate visitor would ever put their email address into an email_address field or their own URL into a homepage_url field. Spammers often try to trick us by putting their own URLs into those fields, so we should use those as our honeypots instead of legitimate fields like name or company.

Time-based forms: The second-best Captcha alternative 

Another way to prevent spam is by using a time-based form. This type of form uses JavaScript to ensure that a human user has filled out the form before it’s submitted. 

How time-based forms work

A time-based form uses JavaScript to track how long it takes the user to fill out the form. If the submission takes less than 10 seconds, it’s considered spam and is discarded (or blocked with Captcha). However, if it takes more than 10 seconds, it’s considered a real submission and is sent to you.
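
The two checks described above (the empty hp honeypot field and the 10-second minimum), enforced on the server, as an added example that is not part of the original article or formX's code. The article measures time with JavaScript in the browser; this example instead assumes a Node.js backend that places an HMAC-signed render time in a hidden field, so the timing value cannot simply be edited by the client. The names ts_token, issueToken, classify, the one-hour expiry and the secret are hypothetical.

```javascript
// Added example: server-side honeypot and minimum-fill-time check (Node.js).
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: load a real key from config
const MIN_FILL_MS = 10_000;               // the article's 10-second threshold
const MAX_AGE_MS = 60 * 60 * 1000;        // assumption: a rendered form expires after 1 hour

// HMAC over the timestamp string, so the client cannot alter the render time.
const sign = (ts) =>
  crypto.createHmac('sha256', SECRET).update(String(ts)).digest('hex');

// Call when rendering the form; emit the result in a hidden "ts_token" field.
function issueToken(now = Date.now()) {
  return `${now}.${sign(now)}`;
}

// Classify a parsed form body. Returns { spam: boolean, reason: string }.
function classify(body, now = Date.now()) {
  // 1. Honeypot: the hidden "hp" field must be absent or empty.
  if (body.hp !== undefined && String(body.hp).trim() !== '') {
    return { spam: true, reason: 'honeypot-filled' };
  }
  // 2. The token must be present and carry a valid HMAC (constant-time compare).
  const [tsStr, mac] = String(body.ts_token || '').split('.');
  const ts = Number(tsStr);
  const expected = Buffer.from(sign(tsStr), 'hex');
  const given = Buffer.from(mac || '', 'hex');
  if (!Number.isSafeInteger(ts) || given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return { spam: true, reason: 'bad-token' };
  }
  // 3. Timing: too fast looks automated; too old means a stale form.
  const elapsed = now - ts;
  if (elapsed < MIN_FILL_MS) return { spam: true, reason: 'too-fast' };
  if (elapsed > MAX_AGE_MS) return { spam: true, reason: 'expired' };
  return { spam: false, reason: 'ok' };
}
```

This check only proves the form was rendered at least 10 seconds before submission; it does not make a token single-use, so it belongs alongside the honeypot rather than in place of it.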

We’ve made your life easy with formX’s anti-spam feature

If you think these methods are too cumbersome, worry not. formX, our complete form backend solution, takes care of implementing honeypots. It makes the field invisible with JavaScript. It also does not count spam submissions toward the monthly submissions quota. Want to give formX a spin? Try it here!
