For a long, long time there has been a page on this website where users can fill out a form to send me an email. It's very simple, and I like the setup. My address isn't revealed anywhere, and your email is sent. Win-win.
It's had no bot/spam protection for the whole time. The comments are the same way. I have wondered for a long time what keeps my site from getting egregiously spammed, especially when I look at other people's websites and see the horrible lengths to which they have to go to prevent spam. I figured that my site's source is easy enough to read, and scraping all the information that's needed would be as simple as e-falling off an e-log.
Today, I received my first website spam, through the link mentioned above. Luckily, I had an idea rattling around my head, with a mind for helping fellow do-it-yourself webguy Carl, who was having some very nasty problems with comment spam. So, seeing that the jig was up, I escalated the threat level of spam to my website from "potential," to "demonstrated."
I implemented the idea I had on my email form, and I think I'll add it to the comments if it proves effective.
It looks like it works. I think I'll add it to the comments now.
11:58 AM, Dec 16, 2006
I've reduced the validation string from eight characters to six, and I'm thinking of setting it so users that login with a password don't have to validate.
10:45 AM, Dec 18, 2006