Apparently the rate of users not using JS is about 0.2% (and has been that way for 10 years), so just applying this solution the the large margins as he’s doing, I’d probably just make an alternate message saying “please enable javascript to contact me” and let that be that.
Eh. These sorts of metrics aren’t always accurate. And the source company did the study in 2016, which was a very very different internet, and doesn’t go into detail about how they were able to determine this number. I would take that with a grain of salt. I agree that just having a notice somewhere is better than not, though.
Sure, I was just curious and looked it up, that’s the first link I saw. I guess the question is — is it better to theoretically annoy real users who aren’t using JS (and how many are there) or is it better to frustrate and annoy lazy spammers (and how many are there?). On my own sites I really rarely get non-spam email. I’d be fine making a random 10-45 second timer on my contact forms doing this, no one needs to contact me in under 10 seconds on my websites.
Additionally, any spam tools could end run around this with Selenium and a sleep. idk if that would introduce enough of a delay to make running the spam campaign not worth it, since you wouldn’t really know what sites have the form delay you’d have to sleep on all of them for whatever time delay you think is worth it for maximum coverage.
This is a super interesting defense in depth strategy that i’d never thought of before though.
Yeah, it’s definitely a very unique approach I haven’t seen before. I’ve been using the “honeypot” method for years, which has been working surprisingly well.
Wouldn’t this effectively mark all messages from a user who isn’t using JavaScript as spam? 🙃
Apparently the rate of users not using JS is about 0.2% (and has been that way for 10 years), so just applying this solution the the large margins as he’s doing, I’d probably just make an alternate message saying “please enable javascript to contact me” and let that be that.
Eh. These sorts of metrics aren’t always accurate. And the source company did the study in 2016, which was a very very different internet, and doesn’t go into detail about how they were able to determine this number. I would take that with a grain of salt. I agree that just having a notice somewhere is better than not, though.
Sure, I was just curious and looked it up, that’s the first link I saw. I guess the question is — is it better to theoretically annoy real users who aren’t using JS (and how many are there) or is it better to frustrate and annoy lazy spammers (and how many are there?). On my own sites I really rarely get non-spam email. I’d be fine making a random 10-45 second timer on my contact forms doing this, no one needs to contact me in under 10 seconds on my websites.
Additionally, any spam tools could end run around this with Selenium and a sleep. idk if that would introduce enough of a delay to make running the spam campaign not worth it, since you wouldn’t really know what sites have the form delay you’d have to sleep on all of them for whatever time delay you think is worth it for maximum coverage.
This is a super interesting defense in depth strategy that i’d never thought of before though.
Yeah, it’s definitely a very unique approach I haven’t seen before. I’ve been using the “honeypot” method for years, which has been working surprisingly well.
they could add a little text box thats hidden by javascript tby default informing them of that