Alexandre Plennevaux wrote: > a much more safe way is to use a very obvious "email" input field that you > hide via CSS. Then you check on the serverside, if that field has received a > value, then it's most probably a bot, because normal users won't see it, > thus not fill it in. of course, not perfect not either since screenreaders > will have it displayed. But i heard it's possible to control and hide stuff > for screenreaders. >
Even that won't work - spammers will often post a comment manually and watch the HTTP traffic using something like Ethereal to see exactly what gets sent to the server. Then they just grab that and automate the process and voila, comment spam! You'd do much better to use something like re-captcha: http://recaptcha.net/ Guy