Negative CAPTCHA

The CouchDb demos were getting slammed by spammers, so today Jan put in something that's kind of like a CAPTCHA, but almost the exact opposite.

It's a neat idea, instead of asking the user to prove he's human, it instead tricks the spam bot into revealing it's a bot. It does this with a email field that is hidden from the user by CSS.

When a human user fills out the form, the hidden field will always be blank. But when filled out by a spam bot, it doesn't know the field is supposed to be hidden, so it adds a bogus email address and submits the form. When the back-end code sees the email in the posting, it knows the email was filled in by a bot and ignores the whole submission.

The beauty is it requires no intervention from the end user, no extra steps, no UI clutter and no false positives. Though this technique likely won't work on big community sites (for long), it will work just fine for most smaller sites. Very clever.

Ned has written a great article about this and related anti-spam techniques.

Posted January 17, 2007 2:49 PM