[gus_massa]

> I rarely see spam comments here, and there's no visible CAPTCHA. Are you using something custom, or is there a service/approach I'm missing?

Go to your profile https://news.ycombinator.com/user?id=pettycashstash2 and enable "showdead". There is a lot of bad post that are [dead] and are hidden unless you really want to see them.

There is a mix of automated tools, but the details are part of the secret sause, dang never told them. Also a lot of manual moderation by the mods. And also, users can flag and downvote bad comments and with enough of them the post is marked as [dead].

A long time ago, I used Spambayes to filter email. I'm not sure if it van be adapted to filter your contact messages.

[pettycashstash2]

Thanks for the reply. Coca Cola recipe type of Secret sauce? I am now debating implementing sms code verification ( but this comes at cost).

[gus_massa]

I remember a few pages that sed some stupid captcha like "please write the word orange" or "please calculate 204+109". It was a static value, so it was trivial to program. For not very popular blogs, it was good enough (a long time ago).

Also, other blog has a hidden field, that should be empty, but bots like filling all fields.

I'd try those stupid tricks, and if they fail I'd try to put Spambayes as a filter. It was nice because it has good/bad/unusual, and you may like to take a look at unusual stuff to detect false positives. (I'm not sure if there is a better alternative to Spambayes. I used it like 20 years ago.)

[pettycashstash2]

Thanks for the suggestions! About simple custom captchas, they are easily bypassed but effective enough for smaller sites. I've got the honeypot field running now and am monitoring how well it catches bots. The email verification should be the strongest barrier of the bunch. Between those two plus the basic captcha, hopefully that covers most automated spam without being too annoying for real users. Curious to see the results over the next week or two.