There has been much discussion lately about how to prevent spambots from submitting forms on web sites. Many solutions have been presented, many of which impact the usability and accessibility of the web page. CAPTCHA is a classic case where the user and accessibility is directly impacted.

We do not have, and never will have, CAPTCHA support in Joomla Forms!

Why not you might ask - well simply because CAPTCHA is easily defeated - even the professionals, Google, have had their own CAPTCHA defeated!

Also they are just a pain - sometimes you cant even read them let alone copy them! Because CAPTCHAs rely on visual perception, users unable to view a CAPTCHA (for example, due to a disability or because it is difficult to read) will be unable to perform the task protected by a CAPTCHA.

Look at these links for more reasons…

There are really only a handful of good solutions for dealing with spam:

1. Dynamic Rules Engine - This is what we use for Joomla Forms. It’s a set of rules and scores that validate content as it comes in that is designed to change/adapt/grow as the spam changes. We also use sessions, hidden fields, and other “secret” methods.

2. Bayesian filters - Really only useful if the spam follows patterns. Unfortunately the type of spam seems to constantly be changing so a Bayesian filter isn’t really a great solution.

3. SPAM Services - There are companies popping up that offer web services that implement #1 and can help identify whether or not something is spam or ham (http://akismet.com is one such example). In Joomla Forms you have the option to use the Akismet API to check your submissions (Simple toggle switch! no complex programming required!)

4. IP Address Blacklists - This is sometimes useful and therefore we have implemented it in Joomla Forms.  If the submitters IP Address (Which can be spoofed) is in one of 3 black lists (like spamcop.net) then the submission is rejected. This requires Joomla Forms to ping the databases to check the IP Address and its spam status.

5. Tokens - Having a “token” in the form submission can help with spoofing attempts - Joomla now does this so we also do it our way in Joomla Forms.

I hope this short blog post reassures you that we take form spam seriously in Joomla Forms.  We have not discussed all our ways of defeating spam - for obvious reasons - but we hope you like what you see!