I think your solution will work fine. But the users won't like it, which is why most people try to do some form of captcha.
On my blog I use JS to ask the user for the answer to a simple math problem. Then I use Ajax to create a session variable, if they correctly answer the question. On the landing page I check for the session var. This method has stopped all spam from my blog, and I don't think users hate it as much as the hard to read images you usually see. The fact of the matter is that any kind of extra steps the users have to do will be cumbersome, but you have to try to make it as simple as possible. That said, I've recently come to believe that it would even be better to just post the form with Ajax (after doing the math thing). That way there /is/ no landing page. The reason this is good is because most spammers just directly access your form processor. > -----Original Message----- > From: Irvin Gomez [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 23, 2006 10:34 AM > > Hi, everyone! > > I'm developing a small blog application for a client. Trying > to minimize spam without using a CAPTCHA (to keep matters > simple), I came up with this idea (similar to Cragilist's > post verification): > > Require email verification the first time only. > > It would work like this: > > 1. Create an "emails" table in the database (email_id, email, active). > 2. Whenever someone posts (email required), "emails" table is > accessed to verify that email address is in the database and > is also active. If it isn't, email address is added to the > database (in "inactive' status) and an email is sent to the > posted email asking for confirmation. Clicking on link > provided in email message will set email address to "active" > and publish post automatically. If user doesn't "activate" > email address (because the email address was bogus or any > other reason) within, say, 1 day, post and email address are deleted. > > After that initial "verification' process, all posts by this > person will be published instaneously as long as the email > provided matches one in the database (email addresses will > not be made public, for obvious reasons). > > My questions: > > 1. Will this be effective in REASONABLY minimizing spam? > 2. Is it too cumbersome? (it's way shorter and easier than > registering for a forum, for example) This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A1. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:250799 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
