So I was considering the complaints on spam and I remembered one thing that I think might help in alleviating some spam bots, it would require a source code change but I think it might be worth it.

It might have already been changed in 3.0 but I think this might help:
Change the Email address fields name.

I truthfully think that there should be an option in security and Privacy that allows you to set the field name so that it is not the default EmailAddress. I'm pretty sure as long as it's inserted properly it will work just the same as having the field named EmailAddress.

I ask that it be a field instead of just changed because if it can be set individually each site is more likely to have a uniquer field name which would in turn make it more difficult for spammers to identify the field and fill it out.

That may not help with human spammers but it could very well slow them down.


Just a thought.

heh heh... I can imagine some good field names already. Not a bad idea since bots look for signs. Although, I fear that bots would adapt and, in the end, look for the odd name field if it can't find the email one by default.

Another problem is that within a week, the bots would be reprogrammed to instead look for the one field that isn't named something they expect (find name, password, custom field 1, custom field 2, the only field left is bound to be email address).

Not if they are all settable to different parameters.

Like I could imagine changing the Username to:
Corrupted
The Password to:
Rider
The Email to:
Carousel



It can help quite simply because it defaults to certain field names, it expects things in them/in the coding to fill them out, if we have the ability to uniquely set them it would be more difficult for them to just pick them out using a script.

Just re-generate the hard-coded form names everytime, based on your session.

So unless they figure out the pattern to generate they can't auto-populate the register form.

Oh. You mean to have the all registration form fields names defined differently?

That would work. If they are all different than the default, then the bot would definitely have an issue trying to figure it out.

It just occurred to me that the password field will be obvious, regardless of the name you give it.

A similar discussion from a week ago: http://forums.invisionpower.com/topic/283419-ipb-should-use-recaptcha-for-login-purposes/page__view__findpost__p__1798610

[quote name='iBotPeaches' date='05 May 2009 - 02:02 PM' timestamp='1241546540' post='1799952']
Just re-generate the hard-coded form names everytime, based on your session.

So unless they figure out the pattern to generate they can't auto-populate the register form.

This was my first idea but I wasn't sure how hard that would be to add to the source code.