Dan Q

Year: 2025

Do Contact Forms Attract More Spam than Email Addresses?

There’s a question being floated around my corner of the blogosphere, but I think my experience of the answer differs from other bloggers:

It started when David Bushell observed that, despite having his email address unobscured on his website, he gets more spam via his contact form. Luke Harris followed-up, providing a potential explanation which basically boils down to the idea that it’s both more cost-effective and provides better return-on-investment to spam contact forms than email addresses. And then Kev Quirk described his experience of switching from contact forms to “bare” email addresses and the protections he put in place (like plus-addressing), only to discover that he didn’t need it at all.

Disappearing Contact Forms

It makes me sad to see the gradual disappearance of the contact form from personal websites. They generally feel more convenient than email addresses, although this is perhaps part of the reason that they come under attack from spammers in the first place! But also, they provide the potential for a new and different medium: the comments area (and its outdated-but-beautiful cousin the guestbook).

Comments are, of course, an even more-obvious target for spammers because they can result in immediate feedback and additional readers for your message. Plus – if they’re allowed to contain hyperlinks – a way of leeching some of the reputability off a legitimate site and redirecting it to the spammers’, in the eyes of search engines. Boo!

A DanQ.me comment form pre-filled with a diversity of spam tropes, by 'Spammer McSpamface'.
Well this was painful to write.

But I’ve got to admit: there have been many times that I’ve read an interesting article and not interacted with it simply because the bar to interaction (what… I have to open my email client!?) was too high. I’d prefer to write a response on my blog and hope that webmention/pingback/trackback do their thing, but will they? I don’t know in advance, unless the other party says so openly or I take a dive into their source code to check.

Your Experience May Vary

I’ve had both contact/comment forms and exposed email addresses on my website for many years… and I feel like I get aproximately the same amount of spam on both, after filtering. The vast majority of it gets “caught”. Here’s what works for me:

My contact/comments forms use one of a variety of unobtrustive “honeypot”-style traps. These “reverse CAPTCHAs” attempt to trick bots into interacting with them in some particular way while not inconveniencing humans.

  • Antispam Bee provides the first line of defence, but I’ve got a few tweaks of my own to help counteract the efforts of determined spammers.
  • Once you’ve fallen into a honeypot it becomes much easier to block subsequent contacts with the same/similar content, address, (short-term) IP, or the poisoned cookie you’re given.
  • Keyword filtering provides a further line of defence. E.g. for contact forms that post directly back to the Web (i.e. comment forms, and perhaps a future guestbook form), content with links goes into a moderation queue unless it shares a sender email with a previously-approved sender. For contact forms that result in an email, I’ve just got a few “scorer” rules relating to geo IP, keywords, number and density of links, etc. that catch the most-insidious of spam to somehow slip through.

also publish email addresses all over the place, but they’re content-specific. Like Kev, I anticipated spam and so use unique email addresses on different pieces of content: if you want to reply-by-email to this post, for example, you’re encouraged to use the address b27404@danq.me. But this approach has actually provided secondary benefits that are more-valuable:

  • The “scrapers” that spam me by email would routinely send email to multiple different @danq.me addresses at the same time. Humans don’t send the same identical message to me to different addresses published on my site and from different senders, so my spam filter picks up on this rightaway.
  • As a fringe benefit, this helps me determine the topic on an email where it’s unclear. E.g. I’ve had humans email me to say “I tried to follow the guide on your page but it didn’t work for me” and I wouldn’t have had a clue which page had they not reached out via a page-specific email alias.
  • I enjoy the potential offered by rotating the email address generation mechanism and later treating all previously-exposed addresses as email honeypots.
An email spam inbox. A significant number of detected spam messages have the subject line "PAY OR BE EXPOSED" but have different senders.
They’ve all got different “sender” addresses, but that fact that this series of emails were identical except for the different recipient aliases meant that catching them was very easy for my spam filters.

Works For Me!

This strategy works for me: I get virtually no comment/contact form spam (though I do occasionally get a false positive and a human gets blocked as-if they were a robot), and very little email spam (after my regular email filters have done their job, although again I sometimes get false positives, often where humans choose their subject lines poorly).

It might sound like my approach is complicated, but it’s really not. Adding a contact form honeypot is not significantly more-difficult than exposing automatically-rotating email aliases, and for me it’s worth it: I love the convenience and ease-of-use of a good contact/comments form, and want to make that available to my visitors too!

(I also allow one-click reactions with emoji: did you see? Scroll down and send me a bumblebee! Nobody seems to have found a way to spam me with these, yet: it’s not a very expressive medium, I guess!)

× ×

Article posted at UTC on .

2 comments

Note #27400

Did I just rank my LPG provider 10/10, or 1/10? I genuinely don’t know.

Slider from a web questionnaire, asking "In a scale of 0 to 10: How likely are you to recommend Flogas for bulk gas?". The slider below, though, is a scale from 0 to 100, not 0 to 10. The value 10 is selected on the slider, but this is only one-tenth of the way along its length.

×

Note posted at UTC on .

No comments

Impossible Countdown

Or: Sometimes You Don’t Need a Computer, Just a Brain

I was watching an episode of 8 Out Of 10 Cats Does Countdown the other night1 and I was wondering: what’s the hardest hand you can be dealt in a Countdown letters game?

Rachel Riley, wearing a pink and black dress, stands in front of a partially-filled Countdown board showing the letters 'DANQ.ME'.
Or maybe I was just looking for an excuse to open an image editor, I don’t know.

Sometimes it’s possible to get fixated on a particular way of solving a problem, without having yet fully thought-through it. That’s what happened to me, because the first thing I did was start to write a computer program to solve this question. The program, I figured, would permute through all of the legitimate permutations of letters that could be drawn in a game of Countdown, and determine how many words and of what length could be derived from them2. It’d repeat in this fashion, at any given point retaining the worst possible hands (both in terms of number of words and best possible score).

When the program completed (or, if I got bored of waiting, when I stopped it) it’d be showing the worst-found deals both in terms of lowest-scoring-best-word and fewest-possible-words. Easy.

Here’s how far I got with that program before I changed techniques. Maybe you’ll see why: 

#!/usr/bin/env ruby
WORDLIST = File.readlines('dictionary.txt').map(&:strip) # https://github.com/jes/cntdn/blob/master/dictionary
LETTER_FREQUENCIES = { # http://www.thecountdownpage.com/letters.htm
  vowels: {
    A: 15, E: 21, I: 13, O: 13, U: 5,
  },
  consonants: {
    B: 2, C: 3, D: 6, F: 2, G: 3, H: 2, J: 1,
    K: 1, L: 5, M: 4, N: 8, P: 4, Q: 1, R: 9,
    S: 9, T: 9, V: 1, W: 1, X: 1, Y: 1, Z: 1,
  }
}
ALLOWED_HANDS = [ # https://wiki.apterous.org/Letters_game
  { vowels: 3, consonants: 6 },
  { vowels: 4, consonants: 5 },
  { vowels: 5, consonants: 4 },
]

At this point in writing out some constants I’d need to define the rules, my brain was already racing ahead to find optimisations.

For example: given that you must choose at least four cards from the consonants deck, you’re allowed no more than five vowels… but no individual vowel appears in the vowel deck fewer than five times, so my program actually had free-choice of the vowels.

Knowing that3, I figured that there must exist Countdown deals that contain no valid words, and that finding one of those would be easier than writing a program to permute through all viable options. My head’s full of useful heuristics about English words, after all, which leads to rules like:

  • None of the vowels can be I or A, because they’re words in their own right.
  • Five letter Us is a strong starting point, because it’s very rarely used in two-letter words (and this set of tiles is likely to be hard enough that three-letter words are already an impossibility).
  • This eliminates the consonants M (mu, um: the Greek letter and the “I’m thinking” sound), N (nu, un-: the Greek letter and the inverting prefix), H (uh: another sound for when you’re thinking or hesitating), P (up: the direction of ascension), R (ur-: the prefix for “original”), S (us: the first-person-plural pronoun), and X (xu: the unit of currency). So as long as we can find four consonants within the allowable deck letter frequency that aren’t those five… we’re sorted.
Rachel Riley, wearing a blue dress, places the last tile on a board to complete the tileset 'U J Y U Q V U U Z'.
I came up with U J Y U Q V U U Z, but there are definitely many other tile-sets that are completely valid within the rules of Counddown (albeit insanely unlikely to turn up organically) but for which there are no valid words to be found.

I enjoyed getting “Q” into my proposed letter set. I like to image a competitor, having already drawn two “U”s, a “J”, and a Y”, being briefly happy to draw a “Q” and already thinking about all those “QU-” words that they’re excited to be able to use… before discovering that there aren’t any of them and, indeed, aren’t actually any words at all.

Even up to the last letter they were probably hoping for some consonant that could make it work. A K (juku), maybe?

But the moral of the story is: you don’t always have to use a computer. Sometimes all you need is a brain and a few minutes while you eat your breakfast on a slow Sunday morning, and that’s plenty sufficient.

Update: As soon as I published this, I spotted my mistake. A “yuzu” is a kind of East Asian plum, but  it didn’t show up in this countdown solver! So my impossible deal isn’t quite so impossible after all. Perhaps U J Y U Q V U U C would be a better “impossible” set of tiles, where that “C” makes it briefly look like there might be a word in there, even if it’s just a three or four-letter one… but there isn’t. Or is there…?

Revised "impossible countdown" board, showing letters 'U J Y U Q V U U C'.

Footnotes

1 It boggles my mind to realise that show’s managed 28 seasons, now. Sure, I know that Countdown has managed something approaching 9,000 episodes by now, but Cats Does Countdown was always supposed to be a silly one-off, not a show in it’s own right. Anyway: it’s somehow better than both 8 Out Of 10 Cats and Countdown, and if you disagree then we can take this outside.

2 Herein lay my first challenge, because it turns out that the letter frequencies and even the rules of Countdown have changed on several occasions, and short of starting a conversation on what might be the world’s nerdiest surviving phpBB installation I couldn’t necessarily determine a completely up-to-date ruleset.

3 And having, y’know, a modest knowledge of the English language

× × ×

Article posted at UTC on .

5 comments

Note #27366

I’m looking at a listing for a ¼” to ⅝” screw adapter, for which the seller warns that I should “please allow 1-3cm error”.

A 3cm error would mean that a ⅝” screw could result in a screw thread anywhere between 1⅘” and… minus half an inch, I guess? (I don’t even know how to make the concept of negative lengths fit into my brain.)

I suppose this seller could send me an empty envelope and declare that it contained an infinitesimally small adapter. At which point… I’d be the one that was screwed!

Highlighted item description from an eBay listing. The highlighted section shows that the listing is for a quarter inch to a five-eighth of an inch adapter made of a premium aluminium alloy, and that the buyer should "please allow 1-3cm error due to manual measurement".

×

Note posted at UTC on .

No comments

Egencia Mailing List Accessibility

A special level of accessibility failure on Egencia‘s mailing list subscription management page: the labels for choosing which individual mailing lists to subscribe to are properly-configured, but the “unsubscribe all” one isn’t. Click the words “unsubscribe all” and… nothing happens.

But it gets better: try keyboard-navigating through the form, and it’s hard not to unsubscribe from everything, even if you didn’t want to! As soon as the “unsubscribe all” checkbox gets focus, you get instantly unsubscribed: no interaction necessary.

Note posted at UTC on .

1 comment

The real (economic) AI apocalypse is nigh

This is a repost promoting content originally published elsewhere. See more things Dan's reposted.

“OK,” the young man said, “but what can we do about the crash?” He was clearly very worried.

“I don’t think there’s anything we can do about that. I think it’s already locked in. I mean, maybe if we had a different government, they’d fund a jobs guarantee to pull us out of it, but I don’t think Trump’ll do that, so –”

“But what can we do?

We went through a few rounds of this, with this poor kid just repeating the same question in different tones of voice, like an acting coach demonstrating the five stages of grieving using nothing but inflection. It was an uncomfortable moment, and there was some decidedly nervous chuckling around the room as we pondered the coming AI (economic) apocalypse, and the fate of this kid graduating with mid-six-figure debts into an economy of ashes and rubble.

I firmly believe the (economic) AI apocalypse is coming.

I’m not sure I entirely agree with Doctorow on this one. I’ll probably read his upcoming book on the subject, though.

I agree that, based on the ways in which AI is being used, financed, and marketed… we’re absolutely in an unsustainable bubble. There’s a lot of fishy accounting, dubious business models, and overpromised marketing. I’m not saying AI’s useless: it’s not! But it’s yet proven itself to be revolutionary, nor even on the path to being so, and it’s so expensive that it seems unlikely that the current “first dose is free” business model is almost-certainly unsustainable.

But I’m not convinced that a resulting catastrophic economic collapse is inevitable. Maybe I’m over-optimistic, but I like to imagine that the bubble can fizzle-out gradually and the actually-valuable uses of AI can continue to be used in a sustainable way. (I’m less-optimistic that we’ll find a happy-solution to prevent AI from being used to rip off artists, but that’s another story.)

But we’ll see.

Repost posted at UTC on .

No comments

Note #27339

This post is part of 🐶 Bleptember, a month-long celebration of our dog's inability to keep her tongue inside her mouth.

We made it to the end of another Bleptember, with a photo every day of my especially-bleppy young doggo.

A champagne-coloured French Bulldog in a teal jumper lies in a soft brown dog bed in the corner of an office. She looks over her shoulder at the photographer, her tongue sticking pretty-much entirely out in a long blep. In front of her, a handwritten sign is marked with a pawprint and a heart and the words 'Happy Bleptember 2025! See you next year!'

Thanks for coming along for the ride. See you next year!

×

Note posted at UTC on .

1 comment

Note #27329

This post is part of 🐶 Bleptember, a month-long celebration of our dog's inability to keep her tongue inside her mouth.

Somehow, even when she’s alert and focussed, our dog’s bleppy tongue makes her look at least a little bit dopey.

It’s the Twenty-Ninth of Bleptember; we’re almost done for another year!

A champagne-coloured French Bulldog, with her tongue sticking our, sits upright in a dog bed in the corner of an office.

×

Note posted at UTC on .

No comments

Note #27327

This post is part of 🐶 Bleptember, a month-long celebration of our dog's inability to keep her tongue inside her mouth.

It’s a little wet and miserable this Twenty-Eighth of Bleptember, but what really perturbed this bleppy doggo was somebody she didn’t recognise moving a wheelie-bin outside their house. What could they want? Can they be trusted? Might they have ham? 🐶

At the end of a lead on a wet suburban pavement, a French Bulldog wearing a teal jumper and harness stares into the middle distance, her tongue sticking out.

×

Note posted at UTC on .

No comments

Q, Like…

Sometimes people connect my unusual name to popular culture. They say things like “Oh, Q like James Bond?” or “Oh, Q like Star Trek?”.

I think their choice of franchise tells me more about them than they learn from my answer, which is usually “No, Q like the set of rational numbers.”

Note posted at UTC on .

3 comments

Note #27318

This post is part of 🐶 Bleptember, a month-long celebration of our dog's inability to keep her tongue inside her mouth.

Sometimes you’re Just Tired. It’s been a long week. Happy Twenty-Seventh of Bleptember.

A half-asleep French Bulldog lies on her side with her tongue resting on the laminate wooden floor.

×

Note posted at UTC on .

No comments

Note #27316

This post is part of 🐶 Bleptember, a month-long celebration of our dog's inability to keep her tongue inside her mouth.

Just a mini-blep this Twenty-Sixth of Bleptember, from a certain attention-seeking doggo who insisted on a cuddle from me while I sat in a Zoom meeting.

A French Bulldog in a teal jumper lies on her back in the arms of a white human, alongside a desk with a computer keyboard. She looks contented and sleepy, and her tongue is slightly sticking-out.

×

Note posted at UTC on .

No comments

Note #27302

This post is part of 🐶 Bleptember, a month-long celebration of our dog's inability to keep her tongue inside her mouth.

Perhaps it’s because I’ve been away for a couple of days and she’s missed me… but this bleppy dog wanted lots of cuddles and reassurance as we prepared for the school run, this Twenty-Fifth of Bleptember.

An uncertain-looking French Bulldog in a jacket and harness has her tongue gripped in her underbite as the enjoys a hug and scritch from a white human.

×

Note posted at UTC on .

No comments