Spamfighting

May 9, 2025

Since the dawn of time, an endless struggle has raged between the forces of spam and everyone else who just wants to have a comments section or an inbox, or really receive messages in any way.

I’ve complained before on Mastodon about the spam I get in my contact form, but the other day I got a particularly insulting message. It was something along the lines of

Tired of ineffective advertising? Try our service. Spam your message into contact forms all across the internet!

The ads for cryptocurrency and gambling and SEO are all bad enough. But this spam ad for making more spam really just appalled me.

Fighting back, but at what cost?

I’ve been thinking about ways to cut down on it. I remember that I saw a blog post last week—unfortunately I don’t remember where—with a simple technique. You add a trap field to the form and hide it with CSS. Normal users will never see it, but bots that are just scanning the raw html will. Then you reject anything that has something entered in that field.

It’s not a very sophisticated technique, and certainly not completely effective. But it is a simple, unobtrusive one.

The problem with fighting back against the spam is that almost every solution either makes it harder for actual people to contact you, increases the complexity of your own setup, or, most likely, both. It sucks.

I’ve thought of a few of my own ways of filtering at least a few bots. I’ve thought about setting up something like Anubis. But that starts to come into conflict with my goals for my site.

I do use a small amount of javascript on my site. But one of my design goals is that the main content should all be static and nothing crucial should depend either on javascript or the little backend server I’ve been hacking on. My website works just fine even in basic browsers like Lynx and EWW. I want to keep it that way.

I also know that no matter what kinds of filters I put up, some spam will always make it through. I can’t change (only deplore) the fact that the majority of traffic on the internet is bots.

What I can do is appreciate the actual humans who come here. If you are a real person and you’re reading this, thank you¹.