Bots Beware: Using Google’s new reCaptcha
Forms, forms and more forms. It’s how we connect with customers. It’s how we ask questions about things. It’s how we receive information. We then take this information and analyze it to make business decisions.
But sometimes, we will receive an influx of form submissions. Charles Smith. Erin Roberts. Dean Simmons. Each of them with an average looking email address. On a normal day, we could assume that sure, these are probably legit. But when we receive 30-40 at a time, with less than 1-minute intervals, that looks pretty suspicious. "What the hell is going on?” is something you’ve probably heard your developer say.
Bots. The wrath of spam that most of us have experienced. They’re inconsistent, they’re annoying, and worst of all… they’re smart. Currently, there are many modules we can use to “attempt” to block the bots:
Most of them work in very similar ways. The basic idea is to authenticate that the form submitter is real in some way. Either they fill out an extra field, type in authenticating text, don’t fill out a specific field that only a bot would fill out, or even use an external service that monitors IP addresses that can safely assume this is a bot.
Like we said, bots are getting smarter. Captcha was the first line of defense, now that’s gone. Then reCaptcha came out, then image captcha, and so on an so forth. The more we increase security, the more we decrease our user experience. Customers get frustrated to a point where they don’t want to submit the form anymore. Luckily for us, Google is taking this problem head on and recently introduced the new reCaptcha.
"The new reCAPTCHA is here. A significant number of your users can now attest they are human without having to solve a CAPTCHA. Instead with just a single click they’ll confirm they are not a robot. We’re calling it the No CAPTCHA reCAPTCHA experience."
This is not only significant because it has a stronger security advantage over the existing solutions, but it improves the user experience immensely. Thankfully, someone has already created a module as an addition to the existing Captcha module, Google Captcha, and it’s incredibly easy to set up. Turn it on, register your site, and enter your keys. You can see it running in the contact form in my sandbox below.
What kind of spam prevention techniques have you used? Let us know in the comments below.
