Since the early days of digital communication, the internet has been a battleground for the never-ending struggle between technology companies and spammers. Us ordinary people might wonder just what spammers hope to achieve from their antics, but they are very good at using automation to reach as wide an audience as possible. It only takes a tiny percentage of their audience to fall for emotional blackmail, coercion or time-pressured offers for it to be worthwhile for them.
An early problem came from bots that crawled the web searching for email addresses. Displaying an email address in plain text on a site was a sure-fire way to increase the amount of spam received, as the address would be automatically added to lists, and either mailed to or sold to spammers. The solution was the contact form – the user could fill in fields and the webserver would send the email to recipients, hiding the email address from bots entirely. However, in time the bots became more sophisticated, and can now automatically fill in forms as well, although this is more complex than just finding an email address.
We usually see a rise in spam activity to websites we create just a few hours after the initial launch and indexing by search engines. This is a good sign not only for the architecture and basic Search Engine Optimisation we create for our clients, but the quality of content they seem to create for their sites. However, it is also a major issue, especially for smaller businesses that don’t have the resources to combat aggressive spam campaigns.
New innovations are constantly introduced to prevent as much spam as possible, but it’s the regular end-users that tend to suffer the fallout. On the face of it, preventing spam is a noble endeavour, and most people would consider it beneficial to the overall user experience of the web.
If you’re here and reading this, we’re assuming you’re not new to the internet! As such, you’ll most likely have noticed the challenges you sometimes have to complete when logging in, sending messages, and sometimes even using search engines.
These seemingly random challenges from providers like Google serve a dual purpose. Firstly and most obviously, they verify that the users of a service are genuine human beings, and not bots being used to spam or waste costly server resources. The other is to train machine learning algorithms. It’s the first we’re concerned with here.
On paper, the User Experience (UX) of reCAPTCHA is awful – the human has to make the effort to prove they’re not a robot, but the bots don’t have to make an effort to prove they’re human. The example above is reCAPTCHA version 2, a visible challenge to users that changes intensity based on an automated expectation of spam.
Since then, Google have introduced reCAPTCHA version 3, whereby an invisible score is calculated that doesn’t involve the user. However, there is not always an obvious fallback when a genuine user is miscategorised as a spammer.
Having experimented with this solution, we found the rate of false positives to be far too high, meaning that genuine contacts might be filtered out.
Ultimately, this forces website owners into a choice between 3 less-than-favourable options:
- No spam protection – this means a large amount of spam to sort through. This is annoying, takes time and effort, and risks genuine contacts getting lost in all the noise.
- User challenges – result in less spam but users have to make extra effort to fill in forms. The concern is that the extra barrier and frustration that comes with these challenges may prevent people completing them, costing important leads.
- Hidden challenges – such as reCAPTCHA v3, which result in lower effort forms but some messages don’t send or arrive due to false positives.
The ultimate knock-on impact on the UX of contact forms is serious. Due to the different approaches employed, user trust in contact forms is still lower than when using email, as there is uncertainty among some groups whether anyone is actually reading and responding to messages sent via contact forms, or whether the forms actually work at all. This could be a serious barrier to some users.
This means that the least of the three evils might just be recaptcha, as users have become used to completing them, annoying as they can be. This is at least until there is a technological option more like the invisible spam challenge that puts the onus on bots and not people. One that doesn’t throw as many false positives and users on both sides of the form can trust. The devil we all know.
Of course, there are other options. Many sites offer multiple different contact routes to cater for the likes and dislikes of different users, after all form submissions can get lost, calling can result in long waiting times, chatbots often just don’t get it, and clicking an email link opens a native app that some users may not have configured. And spam will always be a problem.
This is why we monitor spam levels on our websites, provide our clients a full rundown of the pros and cons of different approaches, and offer a choice between the different versions of reCAPCTHA.
If you’re having trouble with spam on your website, get in touch with us for a chat – we may be able to help.