Preventing Form Spam in cf_sebForm
I use cf_sebForm for all of my contact forms. Form spam is a constant problem for those forms. So, I set up a generic way to do filtering in those forms and wrote both cf_sebForm and SpamFilter.cfc to follow the same guidelines.
The "filter" attribute of cf_sebForm takes a component (or array of components). If that attribute exists, cf_sebForm will pass the Form structure into the "filter" method of the component(s) passed in to that attribute and set the Form structure to the result. This would allow you to write a filter for security or for editing out offensive language, for example.
If the filter method throws an error, then it will be treated just like an error caught by the CatchErrTypes attribute for validation errors.
So, to use SpamFilter.cfc, just instantiate SpamFilter (in this example into Application scope):
<cfset Application.SpamFilter = CreateObject("component","SpamFilter").init(Application.DataMgr)>
Then pass SpamFilter into the cf_sebForm tag:
Note also that this attribute could be set globally as well.
Now all form submissions will be checked for spam. If SpamFilter.cfc determines that a form submission is spam, then it will return a validation error to the user alerting them to that.
SpamFilter.cfc is open source and free for any use. The cf_sebForm (tag docs) custom tag is part of the sebtags custom tag set which is open source and free for any use.
Good question. I definitely wouldn't say that one approach is better than the other - they are just different.
Both SpamFilter.cfc and CFFormProtect aim to prevent spam with no impact to the user or disruption of accessibility.
CFFormProtect takes a combination approach - looking first at behaviors and then looking at the content of the message (including the use of Akistmet). All review that I have heard say that this is highly effective.
SpamFilter.cfc only uses content checking and doesn't use Akismet, because Akismet is only free for personal use, not business use.
SpamFilter.cfc also allows you to update the words and regular expressions that it uses to define spams.
My preference for SpamFilter.cfc is that it is non-invasive (no need to touch much code to implement), it works just as well against manual spam as automated spam, and I can implement it just the spam on personal or business sites.