Spammers are annoyingly everywhere. I get spam comments on my blog every day. Luckily most of them are caught by our spam filters, but every once in a while one or two get through. If I didn't have a way to protect my Web forms from spam I wouldn't put them up. As the volume of spam coming through them is so large that I could easily spend all day cleaning my website. And very quickly I wouldn't have a website.
Because of all this spam, in order to use forms on the Web, you have to do soemthing to help protect yourself from the spammers. There are several options:
- Don't put up forms
- Use automated filters
- Use manual filters
- Use CAPTCHAs
Below I'll examine each of these options.
Don't Use Forms
This is the simplest way to protect against form spam. Simply don't use forms. But if you need to interact with your readers you need to have some type of contact information on the page. Putting an email address on the page is a bad idea, but if you're not going to use HTML forms, then your only other option is a phone number. And many people won't pick up the phone if they are online. But if your business can support it, this is the best way to prevent spam - don't let it even start.
Use Automated and Manual Filters
Automated filters are done by computers while manual filters are done by you or another person. Automated filters work fine. They catch the majority of spam that comes through things like blog comments. But spammers are constantly trying to outwit them. So your spam filters need to be constantly updated and things will still get through.
Manual filters work even better, because you are making the decision yourself as to what will go live on your site. This is how most of my forms are handled on my site. I put them through an automated filter to get rid of the majority of the spammers and then weed out the rest by hand. If you get a lot of form entries, this can take a long time, but is the most effective way of preventing spammers from getting through. Remember however that this won't stop them from attacking, the attacks just won't show on your Web pages.
A CAPTCHA is a visual image (usually of a series of characters) that are written in a strange font and are difficult to read. They are supposed to be impossible for a computer to read, but a human can read them. Then your readers read the text, fill in the correct letters, and their form is submitted.
CAPTCHAs don't work well for a couple reasons, not least of which is that they have been beaten and spammers will waste no time capitalizing on that. The other reason that CAPTCHAs are bad is because they block legitimate users from using your form. Many people find them very difficult to use. And if you've ever been blocked by a CAPTCHA that you're sure you're typing in correctly, you know how frustrating that can be. If the CAPTCHA is on a blog comment, that's one thing, but if it's on a support form that might result in more unhappy customers who become ex-customers. Which is bad.
One way that I like to fool spammers is to add CSS to forms to hide certain fields. When the spam bot comes in and reads the HTML, their bot sees that form field and fills it in. Then when I get the results any entries that have that field are automatically deleted. To do this use the display: none; property on the field. Web browsers will leave that form field completely off the page, but spam bots will see it in the HTML and fill it in.
Use a Combination of Methods
Spammers are always updating how their robots work, so for best results you should use a combination of methods to protect your forms. And don't get too frustrated when spam gets through. Just delete it and move on.