So clients with javascript are okay and those without javascript are spammers?
I can't read anywhwere that statement.
Then you might want to use a better javascript detection than using cheap pipe.
We can safely asume that everyone has Javascript. Trying to support users without it is like trying to keep pushing support for Flash Player, or trying to comply with accesibility standards. It just does not make business sense (unless it's a government project that needs to be certified).
After all, that blob of javascript is just as easy to parse (and submit) for a bot as the original form.
Of course! But bots, at least the ones annyoing us, are NOT doing so. If someone wants to SPAM you they will, it's just a matter of time and resources. What if I encoded that base64 (or anything else that is straightforward). It just takes 5 minutes of coding. If I'm the only one doing it, then unless the bot is specifically targeting my sites they won't bother. Of course, if they go for full browser emulation then this won't work anymore, but that makes their work much much slower.
Most bots are designed to deal with the most common use cases, so as long as you keep your application "away" from whatever everyone else is doing to protect themselves from SPAM you can get very nice results.
You would be surprised how effective a couple of lines of code making sure that a field that captures the name and/or surname of a person does not contain numbers is against SPAM.
I can't read anywhwere that statement.
We can safely asume that everyone has Javascript. Trying to support users without it is like trying to keep pushing support for Flash Player, or trying to comply with accesibility standards. It just does not make business sense (unless it's a government project that needs to be certified).
Of course! But bots, at least the ones annyoing us, are NOT doing so. If someone wants to SPAM you they will, it's just a matter of time and resources. What if I encoded that base64 (or anything else that is straightforward). It just takes 5 minutes of coding. If I'm the only one doing it, then unless the bot is specifically targeting my sites they won't bother. Of course, if they go for full browser emulation then this won't work anymore, but that makes their work much much slower.
Most bots are designed to deal with the most common use cases, so as long as you keep your application "away" from whatever everyone else is doing to protect themselves from SPAM you can get very nice results.
You would be surprised how effective a couple of lines of code making sure that a field that captures the name and/or surname of a person does not contain numbers is against SPAM.