quiet bot detection and filtering in ASP.NET MVC

Question

I'm setting up an e-mail form and I need to be able to check for bots and filter them quietly. The site runs ASP.NET MVC. I'd like to avoid CAPTCHA. Any ideas?

Answer 1

IIRF can do blacklisting based on user-agent or IP address (or other things). Works with ASP.NET, PHP, anything. Runs on IIS5, 6, 7. Fast, easy, free.

You can browse the doc here.

Answer 2

I saw a solution to this with forms, the premise was using JavaScript to count keystrokes and time the distance from page_load to form submission. It then guessed if it was a bot based on that time and a typical expectation boundary for keystrokes/second as bots (that use the browser) tend to dump text very quickly without strokes (just a ctrl-v).

Bots just sending POST or GET data without loading the page just get filtered too.

I don't know the details of the implementation, but might be an idea.

Answer 3

Add a new input field, label it "Please leave blank", hide it using CSS, and ignore the post if that field is filled in. Something like this:

<style type='text/css'>
#other_email_label, #other_email {
    display: none;
}
</style>
...
<form action='mail'>
<label id='other_email_label' for='other_email'>Please leave blank:</label>
<input type='text' name='other_email' id='other_email'>
...
</form>

So a human being won't see that field (unless they have CSS turned off, in which case they'll see the label and leave it blank) but a spam robot will fill it in. Any post with that field populated must be from a spam robot.

(Copied from my answer to this related question: "What is a good invisible captcha?")