Say you make and ship a software product. Chances are that you also maintain a public forum in the support section of the website. It is also highly likely that you have a problem with spam.
Any public forum with open positing policy quickly deterriorates into a dump. A conventional way to deal with this is to require creating an account, solving a captcha and then validating the email address. This is not good, this is a hassle.
Consider someone who just downloaded the product, tried it and on the spur of the moment decided to tell you all that there’s to tell about it. That’s an impulsive feedback - very precious, very useful. The last thing you want is to drag this person through the hurdles of registration.
Alternatively, you can let anyone post, but hold initial posts in the moderation queue. This is not good either, because it’s a hassle too, but this time it’s yours.
But there is a better way.
You can tell a human from a spam bot by the way they move through the site. Humans typically come through a referrer, they look around, they scroll pages, they download the program and only then come to the forums to post.
On the other hand, bots are simplistic - they come, they post, they leave.
Ain’t this difference plenty enough to guess a human? I think it is.
So, instead of disallowing anonymous posting and requiring captchas, drop a cookie and look back at visitors’ history on the site. If it checks out, let them post, no strings attached. If it doesn’t, well… there’s that chance to annoy them with captcha.
Discussion on HN - http://news.ycombinator.com/item?id=4809007