Stop form spam by using CSS to hide a field

I hate form spam. Whether the form is a contact form, a survey, or something else spamming can make life a pain. SANS has an interesting piece on techniques that can be used to reduce or prevent form spam. In my opinion the best solution is the one that has the least impact on legitimate users, is easy to implement, can be implemented in numerous ways, and has the highest negative impact on spammers. That's why I like the idea of including a form field that is required to be empty. To make it easier on legitimate users the field can be hidden using CSS. This way legitimate users aren't bothered with it, yet spambots are compelled to fill it in.

Consider this contact form:

First Name:
Last Name:
E-mail:
Comment:
URL: (NOTE: Leave this empty)

 

The URL field is our spam trap. When we wrap the URL field in <div style="display:none;visibility:hidden;"> the result looks like this:

First Name:
Last Name:
E-mail:
Comment:
(NOTE: Leave this empty)

Add some form validation to ensure that URL is left blank and that should do it.

Who knows how long it will take the spammers to circumvent this technique but the simplicity and variability of implementations should make it at least a bit more painful for them.

Comments

I'm not a programmer, but I would love to implement this anti-spam fix on my web sites. What is the code that would validate the hidden field as blank?

-Mary