Why shouldn’t I use traditional CAPTCHA?

By Zach Lewis

November 10, 2021

CAPTCHA is not the most effective way to prevent spam. On top of being difficult for humans to decipher, most spam bots can decode these cryptic messages with ease. The Completely Automated Public Turing Test to Tell Humans and Computers Apart (CAPTCHA) is outdated. If traditional CAPTCHA was true to the original Turing test, the onus of proof should lie with the machine, not the human. Modifications like reCAPTCHA and gamified iterations are improvements on the original model, but the burden of spam prevention unfairly falls to individual site users.

Photo by Alex Knight

Other Methods to Prevent Spam

There are much better ways to prevent spam than by using traditional CAPTCHA. Alternative approaches website administrators can take to prevent spam on their pages are outlined below.


Robots.txt Files

A robots.txt file prevents spam by acting as a no-fly list for spam. Developers can implement a simple script that can be filled with unwanted URLs. This requires constant addition of URLs to an ever-growing and never-ending collection of websites. As previously mentioned, a site administrator or webmaster can easily set a robots.txt file up to collect all the unwanted links they discover, like a gardener pulling out weeds from a garden. However, preventing the weed from growing in the first place would save time, energy, and money. This does nothing to deter the spam bot either.

Photo by Ilya Pavlov

Community Sourcing

Community sourcing more closely follows an “if you see something, say something” approach toward spam prevention. A website’s own users are encouraged to flag and report spam links. Titles such as those for moderators can be assigned, with the responsibility of spam prevention allocated to these avid visitors. However, this is more of a warning system that alerts and ultimately removes the offending comments. It also places an undue burden on visitors. Individual users should do what they can to prevent their own personal spam, while site-specific spam prevention should ultimately be handled by the site.


Akismet is a third-party plug-in that websites, typically blogs, can utilize to prevent spam messages. However, if a site is to implement a third-party plugin, it may as well implement an SSO as well, like humanID, though plug-ins such as Akismet could be useful in the short term for less-trafficked sites. Akismet works like an industrialized version of the community source option. It blocks spam by searching through its warehouse of known spam and matches it with the comments and links on a site. Unfortunately, if the spam account is new, the plug-in will not be as effective in preventing the spam link.


Nofollow HTML Microformat

The basic idea of a Nofollow HTML Microformat is to allow websites to stop certain spam links posted on their page to gain search engine standing. While this is similar to a robots.txt file in which the script targets URLs, it differs in that the links are hidden from search engines rather than being made inoperable if clicked on. Nofollow HTML Microformat is applied by Twitter and Flickr by combining a simple script to the ends of URLs that appear on their sites. However, according to Microformat’s wiki, it appears that this method sometimes affects non-spam links on users’ personal pages, so this is not an airtight preventative measure. 


Single sign-on (SSO) creates a unique signature for each user on a given website to prevent spam by limiting access to those individual users. Instead of proving humanness with a traditional CAPTCHA during subsequent logins, the SSO replaces this step since a user’s identity has already been confirmed through the SSO login process itself. Instead of giving spam bots a chance to outmaneuver a CAPTCHA, the SSO prevents them from even accessing the door. More alternatives to CAPTCHA can be found here.

Photo by Owen Beard

humanID CAPTCHA Prevents Spam Without Traditional CAPTCHA

humanID eliminates the need for developers to write code or implement third-party plug-ins. A user’s email is all that is required for an anonymous and secure website experience. humanID’s CAPTCHA keeps spam bots from making multiple accounts, blocks spam, and prevents unwanted comments and links from reaching the site.

Since humanID protects user data, spam bots are unable to target users even if the site is hacked, since no personal data like email addresses or phone numbers will be stored. With humanID, websites will not need to worry about adding extra scripts, investing in third-party plug-ins, or implementing less effective methods of spam prevention such as traditional CAPTCHA. The time and money saved will be a win for developers and users alike.