Form Spam — and How to Can It
In the headline, I use “can it” loosely. It’s more like “limit it.”
Unlike regular spam, which is basically unsolicited email, form spam uses your web site’s own contact or inquiry form against you. It fills your inbox, and potentially your database, with random letters, numbers, fake names and addresses, and URLs of some less-than-family-friendly web sites.
As annoying as it is, form spam does not necessarily mean your web site has been hacked or that someone has tampered with your site. It just means that a person, or more likely, an automated script that performs a set of specific actions — also known as a bot — has found a way to automatically complete and submit your forms.
Because bots are becoming increasingly capable and numerous, we may never be able to stop form spam completely, but there are ways to reduce it:
First, make sure your form is validated before it can be submitted. A simple solution is to require that all text fields be filled in. A more effective but more complex solution is block a form submission if the data in a form field isn’t specific to the form. In other words, a web address can’t be put into a name or a phone number field.
The most popular solution to reduce form spam is a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). CAPTCHAs requires the site visitor to enter a series of alphanumeric characters or words before a form can be submitted. The characters are usually distorted enough to be readable by the human eye, but not by a bot. However, the toughest bots have been known to crack a CAPTCHA. In addition, the characters generated by some CAPTCHAs can be difficult to read, so you might receive less form spam but you may also receive fewer legitimate inquiries.
If you need help determining the best way to use your web site to collect data from prospects, or how you can reduce your volume of form spam, contact BERLIN — we’d be happy to consult with you.
—Joe Faraci, Lead Developer, BERLIN