We're developing a widget for a client using AIR and Flex. The client is hounding us to make use of a CAPTCHA script to prevent spam or bot signup accounts through this desktop widget. I'm arguing to use an email validation link instead.
My thoughts are that neither will be any better, as since this doesn't run on a web page, the user is validated as a human by downloading/installing the AIR widget in the first place. Spamming isn't the same on a desktop widget as it is on a public web page. At least email activation captures valid email addresses.
Am I right to assume this? The client seems to think that spamming is as easy on this desktop AIR widget as it is on a web form. Your thoughts please. Thanks!
Ryan