I have a classifieds website, where users must fill in a form to post a classified (of course).
I wonder, do you think I need some form of captcha on the form?
Also, I am working on a “register” page where users may get their own username/pass and login to post classifieds more easily.
Also, I have a mail-server setup…
So now, users may click on a classified and at the bottom fill in just three fields in a form (name, email, message) and send an email to the poster of the classified. No captcha there. Is this safe?
My firewall is set up so that it is preventing any outside access to the mail-server except from the website's IP.
Can I set up the firewall to some settings so that I don’t need captcha?
I have my own Virtual Private Server btw, and it is running Ubuntu.
A follow-up Q is, if a spam-bot or whatever gets hold of my forms and fills a lot of them out, or uses my mail-server to send emails, what would happen then?
Would my site and mail-server get blacklisted? Is this reversible or do I have to create a new mail-server then?
Thanks
I go by the design principle of “least barrier to entry”. You want people to use your site, so you want to make it as easy as possible for them. Anything at all — including a captcha — might turn them away. So my standard line would be to definitely not include a captcha anywhere until you’ve actually seen a problem with spam. And even then, see if the problem can be solved without a captcha first.
Regarding your question of “well what if a spam bot starts spamming”. Simple solution to this is to pre-implement a rate limit. Make it so that someone at a given IP address cannot initiate the sending of an email more frequently than say once every minute. This will not actually cause a problem for real people, but will stop a spam bot in its tracks. You can even try to detect situations where you see a high rate and temporarily block that IP address for 24 hours. That will prevent even the once-a-minute spam.
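The per-IP rate limit and 24-hour temporary block described in the answer above, as an added example that is not part of the original post. The class name, the in-memory storage, and the threshold of 5 rejected attempts within 10 minutes are assumptions; the answer only gives the once-a-minute limit and the 24-hour block.

```python
import time
from collections import defaultdict, deque

MIN_INTERVAL = 60           # one email per IP per minute (from the answer)
BLOCK_SECONDS = 24 * 3600   # temporary block length (from the answer)
ABUSE_THRESHOLD = 5         # assumption: rejected attempts that trigger a block
ABUSE_WINDOW = 600          # assumption: seconds over which rejections are counted


class ContactFormLimiter:
    """Hypothetical helper: decides whether an IP may trigger an email now.

    State is held in process memory, so this suits a single-process site;
    a multi-process deployment would need a shared store instead.
    """

    def __init__(self, clock=time.monotonic):
        self.clock = clock                      # injectable for testing
        self.last_sent = {}                     # ip -> time of last allowed send
        self.rejections = defaultdict(deque)    # ip -> times of throttled attempts
        self.blocked_until = {}                 # ip -> time the block expires

    def check(self, ip):
        """Return 'allow', 'throttle' or 'blocked' for one send attempt."""
        now = self.clock()
        if self.blocked_until.get(ip, 0) > now:
            return "blocked"
        self.blocked_until.pop(ip, None)        # block (if any) has expired

        last = self.last_sent.get(ip)
        if last is None or now - last >= MIN_INTERVAL:
            self.last_sent[ip] = now
            return "allow"

        # Too soon: record the rejection and drop ones outside the window.
        recent = self.rejections[ip]
        recent.append(now)
        while recent and now - recent[0] > ABUSE_WINDOW:
            recent.popleft()
        if len(recent) >= ABUSE_THRESHOLD:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            recent.clear()
            return "blocked"
        return "throttle"
```

The form handler calls `check()` with the client address before handing the message to the mail server, and sends only on `"allow"`.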