fighting form spammers

12 September 2012

or How to avoid spammers on your website without using CAPTCHA

If you have forms that can be filled out by your website visitors, you most likely have come across form spammers. These are "bots" that automatically fill out your forms and fill your database with junk. This can cause all kinds of problems, particularly when sending newsletters to your subscribers, many of whom will be bogus.

On the phpList website, we encountered this issue last year. The common approach to solve this problem is to use a CAPTCHA, which is a hard to read code, that supposedly only real humans can solve.

However, there are two problems with CAPTCHAs. First of all, they are often so hard to read, that even humans cannot solve them. But then, if they are made easier for humans, often computers or bots can solve them as well. As a result, they are not a brilliant way to block the real spammers. Too many real people are blocked and too many bots are let through.

So, we decided to find a different way to solve the problem. If you use PHP on your website, then you may be interested to find out how.


We found four services on the internet that try to deal with the issue. All of them have some sort of API to interact with their data. So, in order to get the maximum coverage, we created a class that talks to them all. The class is easy to implement in your code, and you can decide to use all four or any combination of them. You do not need to use all of them.

The class is published on Github. More information can be found in the page we wrote last year about it.