Something a bit techie this week. We’ve seen many of our customers’ websites inundated with spam emails from their contact forms, which makes picking out the real business enquiries quite a chore.

Many people resort to a “CAPTCHA” to solve the problem – but that makes the experience worse for genuine customers as they struggle to interpret the weird numbers, colours and letters.

I’ve recently proved that a much more friendly way works: it has blocked 99% of the contact form spam on six of our websites…

This method, which I’m calling the “honey trap”, works because almost all contact form spam is automated – and the programs that automate this process (spam-bots) aren’t very smart.  They usually work by scanning the source of the web page, identifying the text boxes that they can, putting something in every box (in case they are “required” fields) and automatically submitting the form.

I’ve found that when you add an extra email box and hide it from human view, all automated spam-bots still put something in the box. Humans don’t, as they can’t see it at all, but the ‘bots do. When the form is submitted I check that hidden field: if there is something in it then we don’t send an email, we just pretend to.

Simple, but amazingly effective.

The steps to achieve this are pretty simple (for a coder):

  1. Add a new textbox called something tempting like “repeatemail” to your form.  Make sure it has a label like the real fields – we want it to look as convincing as possible.
  2. Wrap it in a new CSS class, with an innocuous name like “email2”.
  3. Make that CSS class “display:none”.  Don’t use inline CSS, place it in an external stylesheet.
  4. When the form is submitted, check the value of repeatemail.text.trim to see if it contains something. If it does, do not run the code to send an email.
  5. Always send the visitor to the usual “Thank You” page as normal, whether email was sent or not, so visible behaviour is correct.
  6. One “gotcha”: Internet Explorer auto-fills hidden form fields (!?), which can create a false-positive. The solution is to add repeatemail.attributes.add("autocomplete","off") to page load – this is a Microsoft attribute that prevents the field ever being auto-completed.

That’s all it takes to cut spam by 99% (and counting).
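
The steps above as a framework-neutral Python sketch. This is an added example, not the code running on our sites (the snippets in the steps are ASP.NET-style); the `/contact` and `/thank-you` paths, the `send_email` callable and the sample markup are assumptions made for illustration.

```python
# Added example: honeypot contact-form check (framework-neutral sketch).
import logging

log = logging.getLogger("contact_form")

# Constructed markup for steps 1-3 and 6. The wrapper class is hidden by a
# rule in an external stylesheet:  .email2 { display: none; }
FORM_HTML = """
<form method="post" action="/contact">
  <label for="email">Email</label>
  <input type="text" id="email" name="email">
  <div class="email2">
    <label for="repeatemail">Repeat email</label>
    <input type="text" id="repeatemail" name="repeatemail" autocomplete="off">
  </div>
  <label for="message">Message</label>
  <textarea id="message" name="message"></textarea>
  <input type="submit" value="Send">
</form>
"""

HONEYPOT_FIELD = "repeatemail"
THANK_YOU_URL = "/thank-you"  # assumed path


def is_bot_submission(form):
    """Step 4: any non-whitespace text in the hidden field marks a bot."""
    return bool((form.get(HONEYPOT_FIELD) or "").strip())


def handle_contact(form, send_email, remote_addr="unknown"):
    """Process one submission and return the redirect target.

    send_email is a callable supplied by the caller (assumed interface).
    """
    if is_bot_submission(form):
        # Drop silently, but keep a record so the block rate can be measured.
        # The honeypot value itself is not logged: it is attacker-controlled.
        log.info("honeypot hit from %s, submission dropped", remote_addr)
    else:
        send_email(form.get("email", ""), form.get("message", ""))
    # Step 5: identical response either way, so the bot sees nothing unusual.
    return THANK_YOU_URL
```

Logging each dropped submission gives you a count to compare against the mail that still gets through, which is how a figure like the 99% above can be checked on your own site.
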

If you are an mtsudios customer and are suffering from contact form spam please get in touch so we can add this method to your website – typically within 24 hours.