In ever more invasive ways, spammers are finding openings to send messages. One of these is to use automated software to populate and forms. There are a number of ways of combating this, with varying degrees of success and accessibility.
Captcha is a technique that uses a form in a mandatory field that requires input that, in theory, only a human could provide. The most common way this is done is by presenting a number in a partially obscured image. This method is quite effective, but offers very poor accessibility as, by definition, the method hides any text equivalent.
Other methods offer softer questions, like a simple check box that asks ‘is the sky blue?’. This is available to text based browsers and screen readers, though there may still be some language and cultural issues and the effectiveness might be reduced by some spam bots that randomly check the box anyway.
Whatever way you approach it, the fact remains that it is extra work - effectively a penalty - for legitimate users. The Captcha field is not a true part of the page or form content, and so creates a bit of a dilemma for developers.
An approach that seems to work is to add a check box to a form that users check to indicate that they have read the university’s privacy policy. This should be part of any form that asks for an email address or any information that might identify an individual, so strictly speaking it is a legitimate part of the form content. If that checkbox is made mandatory using the back end script’s validation routine (eg: cgi-mailer‘s .required file), then spam submissions of the form will mostly fail.