Once upon a time, you could put a form on the internet, capture good information about your visitor, and use it to service their needs. Today, SpamBots peruse WebSites and fill unprotected online forms with profanity, vulgarity, or at the very least, a bunch of nonsense. Then, to add insult to injury, the SpamBots capture the email address that the form is directed to, and fills that mailbox with email spam. What to do?

CAPTCHA is an answer.

CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human or a SpamBot. The purpose of CAPTCHA is to block form submissions by SpamBots, which are automated scripts that post spam content everywhere they can.

The idea is to place on the form a security code that humans can read and that computer programs and SpamBots can’t read. Computers can read letters and number text and images. But if you add a background, a strikethrough, very spacing, pitch, and distort the image, it knocks them dead in their tracks. The trick is to find that balance where humans can read the code but computers can’t.

The CAPTCHA we use presents 5 characters randomly picked from 0-9, a-z, plus @#$=?. This character set alone offers 69090840 permutation. However, the computer SpamBot has no idea what character set we used, so it must assume that we used the entire keyboard. That means that it must go through 137^32 or 137 followed by 32 zeros.

To further confuse SpamBots, in the background we add either a grid or a salt ‘n’ pepper background, present the characters at different angles and different spacing, and sizes. Then we add a little character distortion. Of course the characters change, a new random character pick is made, with each screen refresh. This has been enough to eliminate virtually all automated form spam.

We tried other methods. For instance, CAPTCHA can present a simple math problem where the human has to supply the answer, like 1+2-2=. But we found that many of the humans could not add and subtract. Another popular method is to present a riddle. But what if the human can’t figure it out? Since we do have a successful track record with 5 character random pick CAPTCHA, we’ll stick with it until something better comes along.