Exactly. The thing is that the incremental cost to the spambot operator for hitting any form is essentially zero. It's the same model as traditional spam: hit everything, and hope that a fraction of a fraction of a fraction of a percent produce a return. It's easier and cheaper to program the spambot to hit every form it comes across than to discriminate, so (reasons the spambot author) why bother?

>>> David Mayo <[log in to unmask]> 10/24/2011 1:57 PM >>>
I can say from experience that that won't help - spambots even hit lone
forms with nondescript names.

- Dave Mayo

On Mon, Oct 24, 2011 at 1:48 PM, Jonathan Rochkind <[log in to unmask]> wrote:

> On 10/24/2011 1:15 PM, MJ Ray wrote:
>> trying to design things so that the return on investment
>> for spammers is fairly low,
> In my experience, this is irrelevant. I have spammers spamming my "ask a
> librarian a question" link, which _only_ results in email to a librarian's
> inbox (several of them actually). It never possibly results in anything the
> spammer/spambot submits in that link winding up on the public web. It's not
> even _possible_ for it to do so. The spammer has absolutely _nothing_ to
> gain from sending spam through my "ask a librarian a question" form.  It
> still gets planty of spambots. They are not targetting things that might
> actually do them any good, it's just an all-out assault on any web forms at
> all, apparently.
> Or perhaps the fact that my web form has a 'name' and 'email' form makes
> the spambots decide it just _must_ be a blog comment form.  I suppose taking
> away the 'name' and 'email' labels might help, although it might mess up our
> workflow too. Hmm, now I'm thinking about just telling them to include their
> email in one big comment box, and having my own software regex out things
> that look like email to fill out the field in our internal system.