Deprecated: Assigning the return value of new by reference is deprecated in /DISK2/WWW/w3net.eu/www/wp-includes/cache.php on line 99 Deprecated: Assigning the return value of new by reference is deprecated in /DISK2/WWW/w3net.eu/www/wp-includes/query.php on line 21 Deprecated: Assigning the return value of new by reference is deprecated in /DISK2/WWW/w3net.eu/www/wp-includes/theme.php on line 576 W3Net.eu » Blog Archive » Anti-SPAM technique for contact forms that works

Anti-SPAM technique for contact forms that works

February 18th, 2007

Spam bots are becoming more intelligent and annoying. At first, they only harvested e-mail addresses. They collected e-mail addresses from web sites to send unsolicited e-mail messages to. As a solution, we do not put e-mail addresses on our sites any more, rather we provide a contact form for our visitors. But even this has become insufficient as SPAM bots quickly figured out how to fill out forms to pass the validation of mandatory fields. Our e-mail accounts are flooded with dozens of SPAM messages again. Several techniques exist to protect our web forms from being submitted by a SPAM bot but they are either annoying for the user wanting to submit the form or inefficient. The most commonly used technique to protect forms is called CAPTCHA. I do not like CAPTCHA’s for several reasons: hard to implement, annoying for the user, accessibility concerns, they’re not as effective as once thought (captcha decoder).

A better solution

The ideal solution should keep the form easy for the “good guys” to use. Does such solution exist? I think, I found such. I use it to protect one of my contact forms from spammers and I haven’t received any spam message since then. I added one more input field to the contact form into which the user should type in the answer to a question (for example: Are you a human?). This additional input field is filled in with the correct answer with JavaScript at page load.
It may occasionally happen that some visitors will have disabled JavaScript support in their browser. They will have to provide the correct answer themselves. This technique is also accessible, meaning that users with disabilities can easily send the form too.

I created a simple contact form for testing purposes. Try it out and use the source code if you like.

Posted by attila.szabo Filed in Web development

2 Responses to “Anti-SPAM technique for contact forms that works”

  1. Fabian Hidalgo Says:
    May 25th, 2007 at 9:35 pm

    Would be interesting you explain what happened with this simple solution when a robot try to send a message.

    In this case is not executed the javascript ?

  2. attila.szabo Says:
    June 3rd, 2007 at 3:56 pm

    Right. Spam robots usually do not have JavaScript interpreter so the JavaScript code does not get executed.