Good point Dan. I've never actually used that one. The one I've used so far is the "hidden by CSS" field.
On May 4, 7:40 am, "Dan G. Switzer, II" <[EMAIL PROTECTED]> wrote: > >Today, someone on our list posted this link that has 7 different > >methods for protecting against spambots. These methods still protect > >accessibility and don't degrade the user experience. > > >http://webaim.org/blog/2007/03/07/spam_free_accessible_forms/ > > Just a quick comment about one of the techniques mentioned in the post. > > You should never rely on the HTTP_REFERER be properly sent. There are > several Internet Security packages (like Norton) that, by default, will > prevent this information from being sent in the HTTP request. It's also > extremely easy to spoof. Also, it can be blocked from a proxy. > > I've seen too many developers build security context around the use of the > referrer or build code that expects the referrer to be present. The bottom > line is you can't assume the referrer will be present on any given request. > > -Dan
