User Level: 

Whenever we provide our audience with the site contact form or webforms, we're opening up our sites to input from an external, anonymous audience.  When supplying forms of any type to an external audience, security concerns always become elevated.

A common issue that arises when external forms are used is spam. Spam is unsolicited, junk e-mail – often of a commercial (and/or dubious) nature that is sent indiscriminately, and often in bulk, to digital platforms such as email, mobile phones, comment boards, etc.  In this particular event, it's email spam that we have our eye on.

If a site is opened to an external, anonymous audience via a form, the site administrator has no idea who is going to respond to the form.  This is where CAPTCHA comes in to help.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challenge-response test designed to differentiate between humans and automated programs (bots) that crawl the web and exploit external forms.

The CAPTCHA test can vary, there are different programs that create different types, but in general it sets some kind of task that is fairly easy for most humans to perform but difficult for a bot to.

The Contact Form has been set up to automatically introduce a CAPTCHA for anonymous users, but allow people who are logged in to the site to bypass the test. For Webforms, an architect or manager needs to actually attach a CAPTCHA to the form after the form is created.

Read on to learn how to do this...