Sometimes you need to protect your web forms from bots and spammers, for example when publishing a webform accessible to anonymous users, or on public comments or contact forms.
On that case there a multiple options you can choose from, but in this article we will focus on the suggested and centrally provided options by the Drupal admins.
In short, the most common mitigation of spam comes in the form of CAPTCHA, but there is also other solutions called Honeypot which might be effective.
Centrally in the infrastructure we provide three modules that implements SPAM filter capabilities, we will present them in the order we consider you should evaluate them, and only in case you discard one of them while evaluating please check the next one.
Image Captcha: This module will present an image containing letters and numbers that the user needs to input on a textbox. This module might not be sufficent for advanced Spam bots, but can provide an first protection level at a very limited cost in complexity on your site’s configuration and maintenance.
Honeypot: By using this module you can easily have a honypot implemented into your website, compatible with any form and Webforms. It uses honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. Quick tutorial instructions of usage can be found here
ReCAPTCHA: This module implements a CAPTCHA based on the Google’s ReCAPTCHA service v2. This is probably the most secure method from the list but it comes with some important implications in the form of Privacy issues and maintenance. Firstly a google account is needed to use the service, so this might have some impact on the maintenance of the site in case personal Google accounts are used.
On the privacy aspect you need to understand that by using the Google’s ReCAPTCHA service you are accepting their Terms of Service, and several information is collected from the users accessing your websites in order to provide the SPAM filter functionality.
So, as summary, for maintenance and privacy concerns please use Image CAPTCHA or Honeypot modules and only fallback to ReCAPTCHA in case you don’t have anyother option. Or use any other contributed module installed locally on your website.