We all hate spam in our email inbox, but we rarely try to get to the root of the origin and purpose of spam. Many webmasters face the problem of receiving spam emails through their website forms. These are typically contact forms that are set up for visitors to post their inquiries or give feedback. Spammers try to hijack these forms to send spam, either by manipulating where the forms send emails or by flooding the webmaster with spam. This article outlines some of the ways you can combat spam in website forms intended for feedback, comments, inquiries, and any other contact.

Form field validation

A very important part of having a secure form is ensuring that there is strict validation of the form fields. This is best explained with an example. When you accept a phone number through the contact form, you can code the form to ensure that only numbers are entered in the form field. Similarly, for an email address field, the form must be able to determine that a well-formed email address has been entered. If the fields contain something that that field is not supposed to contain, like special characters or some fun text, the form will throw an error and will not be submitted until the errors are corrected. This prevents any malicious code or text from being inserted into the form. It also prevents automated robots from filling out the form without understanding what is required and how it should be completed.

Captcha

One of the most effective ways to combat spam is by enabling a captcha at the end of each form. The captcha requires the user to enter a word or number verification that is shown in an image. These bots and automated systems prevent form submission without thinking. Since bots generally cannot detect text within images, they do not enter the correct Captcha text preventing the form from being submitted.

Confirmation alert

Another simple trick that can be used to harass spammers is to add a confirmation alert box that pops up to confirm the details the user is trying to send. Robots and automated form submission software cannot click the confirm button in the alert box. Something like: “Are you sure you want to submit the form? Yes No” can be an additional layer of protection against comment spammers. This is also a good way to allow users to review the information they are submitting and correct any errors or typographical errors before submitting the form.

Anti-spam add-ons

Akismet is an Anti-Spam plugin used for WordPress, which can identify genuine comments and filter spam comments. This can be useful if you don’t want to enable a captcha confirmation box or can’t have specific validation on your form. Similar antispam plugins are also available for other platforms. While Akismet-type plug-ins are not 100% correct and can lead to some false positives, they do a very good job of filtering out noise.

Registration information

One of the most important things a programmer can do to track spam sources and spam patterns is to record additional user information. This means that, along with the normal fields that the user submits, the form will also capture their IP address, machine name, browser details, location information, and similar information that can be used to track the source of spam. With this information, you can take action against the spammer or even block your IP address. This way, they won’t be able to keep harassing you or making random submissions.

Some programmers also rely on form fields hidden in CSS, which prevent bots from seeing the names of form fields, preventing them from knowing what data to autofill in text boxes. Consult your coder for the best solution for your website.