Using Dre and Erin's method, I've got a fix in place. It caught two spams in the first 10 minutes!

I named the field <text name="confirm_email"> to see if I can trick it into knowing exactly what to fill in. I just realized that I didn't echo the results of that field in my notification of the possible spam; I'm going to catch it from now on and see if that trick seems to work on them. 

It's good to hear that JAWS is respecting the "display: none" now; I'm going to check with my usability posse and see if there are any other tricks to know here...


-----Original Message-----
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Jonathan Rochkind
Sent: Monday, October 24, 2011 10:50 AM
To: [log in to unmask]
Subject: Re: [CODE4LIB] web spam block less awful than Captcha?

Is there a particular label you give it that causes spambots to fill it out, or you find that spambots stick some text in any <input type="text"> you include?

On 10/24/2011 10:46 AM, Erin R White/FS/VCU wrote:
> I'll second Dre's method here. We've used it with great success on our 
> mobile website - it adds zero effort for users and we've had maybe one 
> false positive since March 2010.
> The field is input type="text" with CSS hiding it and its label from 
> display. From my extensive googling it like as of JAWS 10 (released 
> 2009), elements hidden by CSS aren't read, but I'm not sure about 
> support from other readers. I'm assuming some kind of "skip" mechanism 
> will be built in to WAI-ARIA too.
> <label for="spam_city" class="hidden">Spam catcher - do not complete 
> this field</label> <input type="text" name="spam_city" class="hidden" 
> />
> --
> Erin White
> Web Applications Developer, VCU Libraries
> 804-827-3552 | [log in to unmask] |
> From:   Ken Irwin<[log in to unmask]>
> To:     [log in to unmask]
> Date:   10/24/2011 10:35 AM
> Subject:        Re: [CODE4LIB] web spam block less awful than Captcha?
> Sent by:        Code for Libraries<[log in to unmask]>
> This is an intriguing approach, Dre. I wonder how to render this 
> non-problematic for folks with screen-readers too. You could just say 
> "leave this field blank" but that's sort of weird too. Is there a 
> WAI-ARIA approach that would get screen readers to hide this field too?
> I'm looking into Mollom too -- looks like that could work in a few 
> areas of our site.
> Thanks all!
> Ken
> -----Original Message-----
> From: Code for Libraries [mailto:[log in to unmask]] On Behalf 
> Of Andreas Orphanides
> Sent: Monday, October 24, 2011 10:13 AM
> To: [log in to unmask]
> Subject: Re: [CODE4LIB] web spam block less awful than Captcha?
> Here's a method that's by no means foolproof but is practically zero 
> cost (you may be using a version already). Disclaimer -- I have not 
> actually tested this to any extent:
> Include a text input field in your form that needs to be blank for the 
> form to validate in the back end. Keep the field hidden with CSS (or 
> z-indexed behind another element, size set to zero, etc). Users will 
> never see it, so their forms will validate; I doubt that most spambots 
> are sophisticated enough to check whether a form field is hidden or 
> obfuscated before filling it in. Then silently reject submissions with 
> that field filled.
> I am not sure whether this would cause any problems with tab 
> navigation, screen readers or other assistive technologies, but you 
> may be able to do something to sidestep those issues.... On the other 
> hand, captcha brings its own host of accessibility problems.
> One other disadvantage is that this might be hard to implement in a 
> CMS-based form plugin. But if you're coding forms the old-fashioned 
> way, it's worth a shot.
> -dre.