Some people have asked us when they could use mosparo, and how mosparo is able to protect anything. We have asked ourselves that many times – especially when we started the project.

Since mosparo is not based on a hosted and managed service and does not use any magic, it’s hard to see the actual effectiveness of mosparo.

Last week, we discovered a new use case for mosparo, so we want to give you some examples of when mosparo can be helpful – and when it cannot.

Good use cases

First and most important: Contact form (and any other kind of form)

mosparo is designed and optimized for contact forms on websites (and other forms with text fields). The user enters all the data in the form, confirms the mosparo box, and submits the form. The data gets checked by mosparo and declined if spam is detected. A bot can still submit the form if its spammy words have not been added to a rule. As soon as the owner of a mosparo installation adds the spam words to a rule, the bot will not be able to submit the form again with the same words.

Newly discovered: Brute Force protection

When we developed mosparo, we only thought a little about this option. But last week, we had to implement brute-force protection on a custom website for a client of our day job. Instead of developing everything needed for brute-force protection, we just added mosparo and enabled the Auto Delay and the Blocking method with relatively small values. Suppose, for example, you add mosparo to a login form. In that case, the username or email address gets transmitted to mosparo, the password is automatically ignored (if the HTML type of the field is ‘password’), and every request to mosparo gets counted. After the user has tried too many times, submitting the form with mosparo is no longer possible for a specified time.
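A small model of the counting behaviour described above, added here as an illustration; it is not mosparo's code. The thresholds, the time window, the per-client key and the growing delay are assumptions, and the form data is constructed.

```python
from collections import defaultdict, deque

def fields_to_check(form_fields):
    """Drop fields whose HTML type is 'password'; only the rest is checked."""
    return {f["name"]: f["value"] for f in form_fields if f["type"] != "password"}

class SubmissionGuard:
    """Counts requests per client in a sliding window (all values are assumptions)."""

    def __init__(self, window=300, delay_after=3, delay_seconds=5,
                 block_after=6, block_seconds=900):
        self.window = window
        self.delay_after = delay_after
        self.delay_seconds = delay_seconds
        self.block_after = block_after
        self.block_seconds = block_seconds
        self.requests = defaultdict(deque)   # client -> request timestamps
        self.blocked_until = {}              # client -> unblock timestamp

    def check(self, client, now):
        """Return (decision, seconds) where decision is allow, delay or block."""
        until = self.blocked_until.get(client, 0)
        if now < until:
            return ("block", until - now)    # still blocked: reject outright
        seen = self.requests[client]
        while seen and seen[0] <= now - self.window:
            seen.popleft()                   # forget requests outside the window
        seen.append(now)                     # every request is counted
        if len(seen) > self.block_after:
            self.blocked_until[client] = now + self.block_seconds
            return ("block", self.block_seconds)
        if len(seen) > self.delay_after:
            # the delay grows with each request over the threshold
            return ("delay", self.delay_seconds * (len(seen) - self.delay_after))
        return ("allow", 0)

def simulate(guard, client, times):
    """Run one client's requests through the guard at the given timestamps."""
    return [guard.check(client, t) for t in times]

# Constructed sample: a login form as it would be submitted.
LOGIN_FORM = [
    {"name": "email", "type": "email", "value": "alice@example.com"},
    {"name": "password", "type": "password", "value": "constructed-secret"},
]
```

Because the password never enters the check, the counter works on request volume alone, so small thresholds slow down guessing without the protection layer ever handling credentials.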

Possible use case (but probably not useful)

(D)DoS protection

Of course, you could use mosparo with the Auto Delay and Blocking features to protect your website from a (D)DoS attack. But, since you have to host mosparo on your server, the attacker will also attack your mosparo installation. The benefit of the well-known NoCAPTCHA solutions, typically used for (D)DoS protection, is that some other company does the hosting for you – and they usually have a lot of experience with (D)DoS attacks.

Bad use case

Detecting humans

mosparo is not designed to detect humans and is not able to do so. Honestly, no CAPTCHA will ever be able to detect real humans. There is a race between developers of CAPTCHA solutions and bot developers, which resulted in the current situation. Almost all CAPTCHA solutions are based on puzzles or collecting data – and in the end, you still get spam through your CAPTCHA-protected forms. From our perspective, it makes no sense to try to detect humans. Instead, it’s much better to define which content you want and which you do not – because that’s all that matters.

Are you not interested in luxury watches? Good, add a rule, and you will not get information about luxury watches again.


If you have other use cases for which you have used mosparo or plan to use it, do not hesitate to tell us more about them. Please send us an email at feedback@mosparo.io.