How is reCAPTCHA v3 going to stop [Spam] ?

reCAPTCHA v3 将如何阻止 [垃圾邮件]？

The previous ReCaptcha (v2) worked because it tracked the user movement (scrolling, clicking) while the user solved the captcha (clicked on "I'm not a robot"). As far as i understand v3 does the same, but there is just no button to click on, google just "watches" the client and determines wether there is a human controlling the mouse etc. on the other side.

以前的 ReCaptcha (v2) 之所以有效，是因为它在用户解决验证码（点击“我不是机器人”）时跟踪用户移动（滚动、点击）。据我所知，v3 也是如此，但没有可点击的按钮，谷歌只是“观察”客户端并确定另一侧是否有人控制鼠标等。

What if a hacker spams the URLs on my site with an external tool without using the interface I provide?

如果黑客在不使用我提供的界面的情况下使用外部工具对我网站上的 URL 发送垃圾邮件怎么办？

Google generates a token for the client when he passes the checks which you have to validate on the serverside. If someone doesn't pass the captcha (a robot), he doesnt have the token.

当客户端通过您必须在服务器端验证的检查时，Google 会为客户端生成一个令牌。如果有人没有通过验证码（机器人），他就没有令牌。

In addition to the user behavior tracking on your site (as explained by Jonas Wilms), the v3 (and v2) also makes decisions based on your IP, ASN, browser and any kind of information about your system based on the information sent via your HTTP request.

除了跟踪您网站上的用户行为（如 Jonas Wilms 所述），v3（和 v2）还根据您的 IP、ASN、浏览器以及基于通过您发送的信息的任何类型的系统信息做出决定。 HTTP 请求。

The only difference is that V2 is a complete solution i.e, if it thinks a user may be a bot, it will pose additional challenges until it is convinced the user is a human. On the other hand, V3 is non-intrusive. It generates a score based on the parameters discussed above and passes it onto you. It is then your decision to take appropriate steps (like post challenges, or have two-factor authentication, etc.) based on this score.

唯一的区别是 V2 是一个完整的解决方案，即如果它认为用户可能是机器人，它将带来额外的挑战，直到它确信用户是人类。另一方面，V3 是非侵入式的。它会根据上面讨论的参数生成分数并将其传递给您。然后，您可以根据此分数决定采取适当的步骤（例如发布挑战，或进行双因素身份验证等）。

IMO, it is better to start with a V2 solution and implement V3 if you want more control or have a better way to challenge the user if they have a low score.

IMO，如果您想要更多的控制权或有更好的方法来挑战分数较低的用户，最好从 V2 解决方案开始并实施 V3。

(Hereis an interesting article on the differences)

（这是一篇关于差异的有趣文章）

In few simple wordsgoogle tracks your whole cursor and keyboard movement from moving mouse to select form fields to pressing tab to change fields.

简单来说，谷歌会跟踪您从移动鼠标到选择表单字段到按 Tab 键更改字段的整个光标和键盘移动。

To verify reCAPTCHAis working or not --> Submit a form and then click refresh; it would ask for re-submission. Click continue. But as this is a way much similar to Robot activityof submitting a form without any cursor of keyboard movements, reCAPTCHAwill prevent form submission or any other stuff from happenning.

验证reCAPTCHA是否正常工作 --> 提交表单，然后单击刷新；它会要求重新提交。点击继续。但由于这是一种与无需任何键盘移动光标即可提交表单的机器人活动非常相似的方式，因此reCAPTCHA将阻止表单提交或任何其他事情的发生。