If you have a website, you should have a contact form. If you have a contact form, you will no doubt have encountered spam. If you have encountered spam you’ll have pulled your hair out or bought something dodgy from Russia.
In any event, to overcome this you’re more than likely to have introduced a maths quiz or a lesson in reading hieroglyphics to your contact form, to ensure only humans fill them in – but it’s quite possible that at some point you’ll have put off people from filling (or being able to fill out) your form by making them decipher something like:
Essentially, you want to make it as easy as you can for your visitors to fill in your contact form, whilst making it as difficult as possible for spambots to get through your validation.
One technique that we have adopted of late has seen great success in doing this and (for now) we feel as though we’ve beaten the spambots at their own game.
When putting together a form that, for example, requests name, email & company – insert a text input box and whilst sticking to your naming convention, call this something like title.
<form>
<input id="this_title" type="text" name="this_title" value="" />
<input id="this_name" type="text" name="this_name" value="" />
<input id="this_email" type="text" name="this_email" value="" />
<input id="this_company" type="text" name="this_company" value="" />
</form>
However, use CSS to make the title field invisible to users – as it’s within the HTML, it will still be seen by bots and as it is the first field in the form, they will fill it in.
#this_title
{
display:none;
}
Then, in the script that deals with your form processing, just dismiss any form submissions where the title has been filled in:
$this_form_spam = $_POST['this_title'];
if ($this_form_spam == "")
{
// process the form and send email
}
else
{
// mock and laugh in the face of spam
}
So far so good, it appears to have a 99% success rate (give or take) and everyone is happy – you don’t receive spam and the spammers think they’ve spammed you.
Great idea!
How come nobody has commented on this post? Am I the only one who is positive about this unconventional and simple solution? Or am I stupid and overlooking something, or is my poor internet connection here in Thailand not loading everything?
Is it the reCaptcha to post this comment?
I had one (well, two) ideas.
I recommend to give a unusual (weird) name/ ID to the invisible field to make sure it’s not filled out by the autocomplete service of some browsers. I don’t use it often, but remember in Google Chrome filling the first field with my name and it automatically entered other common fields like last name, email etcetera. Just an idea…
And it might be unlikely, but if somebody visits your page and disables the stylesheet, it might be wise to add some note to tell the people not to fill this field.
But thanks for this easy and interesting solution. I haven’t used it yet, but can’t see why it should not work.