I am using a custom captcha php script along with news letter scripts to let users subscribe using an email id. The method of registration is based on jQuery.post command.
My question is that am I really safe If I remove the captcha validation from my subscription script. The subscription is simple. For example
mydomain/subscribe.php?email=myemail@somedomian.com
The subscribe.php is called along with email as parameter using jQuery.post command. I am new to web programming stuff and don’t have much idea about spammers in conjunction with above scenario. Any advise would greatly be appreciated.
Thanks
Spambots fill out every form they can get their hands on.
I receive subscriptions from bots everyday and I’m slowly adding captchas to all forms.
A bot does not know if the form he is filling out is for a subscription, a contact form or a mass mailing opportunity.
If you don’t protect yourself by either using captchas or moving some of the logic into javascript functions, you will send emails to all these addresses.
This increases your traffic, decreases your control over your subscribers, makes a mess out of your stats and sometimes you might send an email to users that didn’t want to subscribe because a bot has subscribed thru a trick (i.e. realuser+buy-viagra-now@gmail.com also reaches the user realuser@gmail.com).
So my advise: stay with the captcha
Or: modify your form to make more use of javascript (i.e. load the form via ajax), because bots are not normal users with a browser, they only simulate them