Captcha has established itself as an efficient tool on the web. The aim of including a captcha in a form is to prevent spambots from submitting the form.
Basically, Captcha is nothing more than a simple test that must first be successfully completed before a form can be submitted. The purpose of the tests is to find out whether it is a human or a robot / spambot that wants to submit the form on the website.
There are different types of captcha. Sometimes letters have to be recognised and reproduced, all fields in an image have to be marked with a street sign, a simple maths problem has to be solved, etc.
There are various factors to consider when choosing the right CAPTCHA technology. The most obvious is how effectively the CAPTCHA protects against robots and spambots. But there are also less obvious criteria.
The dilemma with accessibility
Captchas are fundamentally at odds with the idea of accessibility. By definition, a captcha is a hurdle intended to differentiate between humans and machines. Captchas therefore almost always lead to a noticeable loss of conversions.
That's why captchas are often omitted at first and activated individually as needed in case of a spam attack. Test your form after each adaptation!
Antibot
With the introduction of Antibot on Primer, we want to reduce spam without getting on users' nerves. With the help of JavaScript, bots can be identified relatively reliably on online forms without having to tick checkboxes or solve image puzzles. For new projects (from Primer 2.5), we activate Antibot by default.
Perimeter
In addition, we automatically activate the Perimeter module for all customers. It blocks bots that scan for typical vulnerabilities.
Google reCAPTCHA
Google reCAPTCHA is a popular CAPTCHA solution that is used on many websites. It collects as much information about user behaviour as possible (e.g. mouse movements, previously visited websites, browser plug-ins, keystrokes, IP address and more). By combining this collected information, reCAPTCHA can detect potential robots / spambots.
reCAPTCHA does not specify in its privacy policy what happens to the collected data. Due to this lack of transparency in data processing, but also because of its reduced effectiveness, we advise against using this solution.
Honeypot
Honeypot is a Drupal module that inserts hidden input fields into web forms. These fields are invisible to human users, but are filled in by spam bots. If these fields contain information when submitted, the submission is considered potential spam and blocked. Honeypot also works with time-based protection. If a complex form is completed within seconds, the registration is identified as spam.
Unlike Google reCAPTCHA, Honeypot is a local, service-free and therefore data protection-compliant solution, albeit less effective.
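The two checks described above (a hidden trap field and a minimum fill time) can be sketched server-side as follows. This is an added example, not code from the Drupal Honeypot module or from Primer; the field names `homepage` and `form_token`, the secret key and the time limits are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: per-site secret, server-side only
TRAP_FIELD = "homepage"               # hypothetical name of the hidden input
MIN_SECONDS = 5                       # assumed minimum plausible fill time
MAX_SECONDS = 3600                    # assumed token lifetime, limits replay


def _sign(ts):
    return hmac.new(SECRET_KEY, ts.encode(), hashlib.sha256).hexdigest()


def issue_form_token(now=None):
    """Return 'timestamp:signature' to embed in the form when it is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_sign(ts)}"


def check_submission(fields, now=None):
    """Return (accepted, reason) for a submitted form given as a dict of strings."""
    now = time.time() if now is None else now
    # 1. Hidden trap field: humans never see it, so any value marks a bot.
    if fields.get(TRAP_FIELD, "").strip():
        return False, "honeypot field filled"
    # 2. The render timestamp must carry a valid signature; otherwise a bot
    #    could backdate it to pass the time check.
    ts, _, sig = fields.get("form_token", "").partition(":")
    if not ts.isdecimal() or not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return False, "missing or forged token"
    # 3. Time-based protection: a form completed within seconds is spam.
    age = now - int(ts)
    if age < MIN_SECONDS:
        return False, "submitted too quickly"
    if age > MAX_SECONDS:
        return False, "token expired"
    return True, "ok"


if __name__ == "__main__":
    rendered_at = 1_700_000_000  # constructed timestamp for the demo
    token = issue_form_token(rendered_at)
    human = {"email": "a@example.org", "homepage": "", "form_token": token}
    bot = dict(human, homepage="http://spam.example")
    for fields, delay in ((human, 40), (bot, 40), (human, 1)):
        print(check_submission(fields, now=rendered_at + delay))
```

The trap field must be hidden with CSS rather than `type="hidden"`, and it should be labelled for screen-reader users so that they leave it empty.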
Deactivate reCAPTCHA
We have found that Antibot alone provides sufficient protection against spam. We therefore recommend deactivating reCAPTCHA/Honeypot. This has the advantage that the data is then no longer shared with these services, which leads to better data protection.
This can either be done by the customer for each form individually, or we can deactivate the integration completely. However, if it is reactivated in the future, this could result in additional costs. One option is to manually disable reCAPTCHA on individual forms first; if that works well, we can disable it completely on request.
Arms race with spam bots
As spambots are constantly evolving to circumvent anti-spam solutions, anti-spam solutions are also constantly being adapted.
Primer is constantly updated to provide a solid solution for spam protection. However, its effectiveness cannot be guaranteed due to the complexity of the problem.
Chargeable additional services
With a Service Level Agreement or an individual order, we review the range of possible measures to solve your spam problem and implement them.