Tuesday, 26 May 2009

contact form question

A friend emailed me through my contact form and asked:

So what's the 2+2= thing below? Is that a security measure? Is it a way to keep out stupid people? Is it totally for fun?

It’s an anti-spam question. Spambots attack contact forms pretty regularly. Questions like that usually stop them. It’s the same principle behind a CAPTCHA image (those annoying squiggly words you have to enter on some forms). CAPTCHAs are a pretty poor user experience and my 2+2 question isn’t much better.

One of the best anti-spam techniques I’ve heard of involves adding an input and making it invisible in the browser (display:none in the stylesheet) so humans don’t see it. Spambots don’t actually look at the web; they just dumbly fill in fields in a form. So when something fills in your hidden fields, you know it’s a spambot. You just add a little logic to your form (if that field is not NULL, don’t submit) and presto, spambot caught.
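Here is the hidden-field check as a sketch. This is an added example, not code from this post or from the plugin; the field name `website`, the form markup and the function name `check_submission` are all assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical honeypot field name: something a bot will want to fill in.
HONEYPOT_FIELD = "website"

# Form markup (illustrative). The honeypot is a normal text input hidden by
# the stylesheet, so the field is still present in the HTML a bot parses.
FORM_HTML = """\
<style>.hp { display: none; }</style>
<form method="post" action="/contact">
  <input name="name"> <input name="email">
  <textarea name="message"></textarea>
  <div class="hp" aria-hidden="true">
    <label>Leave this empty
      <input name="website" tabindex="-1" autocomplete="off"></label>
  </div>
  <button>Send</button>
</form>
"""


def check_submission(raw_body: str) -> tuple[bool, str]:
    """Return (accept, reason) for an application/x-www-form-urlencoded body."""
    # keep_blank_values=True so an empty field shows up as [''] instead of vanishing.
    fields = parse_qs(raw_body, keep_blank_values=True)

    # Any non-whitespace value in any copy of the honeypot means something
    # filled in a field that a human never sees.
    if any(v.strip() for v in fields.get(HONEYPOT_FIELD, [])):
        return False, "honeypot filled"

    # The honeypot only filters; the real fields still need validating.
    for required in ("name", "email", "message"):
        if not any(v.strip() for v in fields.get(required, [])):
            return False, f"missing {required}"
    return True, "ok"


# Constructed sample request bodies (not real traffic).
HUMAN = "name=Ann&email=ann%40example.com&message=Hi+there&website="
BOT = "name=x&email=x%40example.net&message=Buy+now&website=http%3A%2F%2Fspam.example"

if __name__ == "__main__":
    for label, body in (("human", HUMAN), ("bot", BOT)):
        print(label, check_submission(body))
```

A browser sends the hidden input as an empty value, which is why the check looks for a non-empty value rather than for the field's presence.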

But I’m being lazy and using a WordPress plugin called contact form iii and not even changing the default question. I believe spambots have cracked contact form iii because I’ve gotten what looks like automated spam on another site using the plugin. Luckily the plugin allows you to change the anti-spam question and answer, which stops the bots. I hope.
