Talk to us today 0845 86 22 122

Blog.

17th January 2012 |  Written by Dave Ashworth

How To Stop Form Spam Emails WITHOUT Using Captcha

If you have a website, you should have a contact form.  If you have a contact form, you will no doubt have encountered spam.  If you have encountered spam you’ll have pulled your hair out or bought something dodgy from Russia.

In any event, to overcome this you’re more than likely to have introduced a maths quiz or a lesson in reading hieroglyphics to your contact form, to ensure only humans fill them in – but it’s quite possible that at some point you’ll have put off people from filling (or being able to fill out) your form by making them decipher something like:

Essentially, you want to make it as easy as you can for your visitors to fill in your contact form, whilst making it as difficult as possible for spambots to get through your validation.

One technique that we have adopted of late has seen great success in doing this and (for now) we feel as though we’ve beaten the spambots at their own game.

When putting together a form that, for example, requests name, email & company – insert a text input box and whilst sticking to your naming convention, call this something like title.


<form>
<input id="this_title" type="text" name="this_title" value="" />
<input id="this_name" type="text" name="this_name" value="" />
<input id="this_email" type="text" name="this_email" value="" />
<input id="this_company" type="text" name="this_company" value="" />
</form>

However, use CSS to make the title field invisible to users – as it’s within the HTML, it will still be seen by bots and as it is the first field in the form, they will fill it in.

#this_title
{
display:none;
}

Then, in the script that deals with your form processing, just dismiss any form submissions where the title has been filled in:

$this_form_spam = $_POST['this_title'];

if ($this_form_spam == "")
{
// process the form and send email
}
else
{
// mock and laugh in the face of spam
}

So far so good, it appears to have a 99% success rate (give or take) and everyone is happy – you don’t receive spam and the spammers think they’ve spammed you.

ecommerce product page call to action

Your Comments

  1. Great idea!
    How come nobody has commented on this post? Am I the only one who is positive about this unconventional and simple solution? Or am I stupid and overlooking something, or is my poor internet connection here in Thailand not loading everything?
    Is it the reCaptcha to post this comment? ;)

    I had one (well, two) ideas.
    I recommend to give a unusual (weird) name/ ID to the invisible field to make sure it’s not filled out by the autocomplete service of some browsers. I don’t use it often, but remember in Google Chrome filling the first field with my name and it automatically entered other common fields like last name, email etcetera. Just an idea…
    And it might be unlikely, but if somebody visits your page and disables the stylesheet, it might be wise to add some note to tell the people not to fill this field.

    But thanks for this easy and interesting solution. I haven’t used it yet, but can’t see why it should not work.

  2. Thank you very much Dave I appreciate. I’m gonna use this technique and I’m pretty sure it will work successfully. The funny thing is, you just told me how to avoid spam message without using captcha and I can see captcha window right bellow this comment box, LOL

    Anyways, I agree with Tony (the above comment). Dave Ashworth have provided one of the best, simplest and logical explanation to avoid spam emails and no comments? strange! I’ll give 10/10 for his valuable post. and Please guys, show some respect and give your valuable comments to this person.

    Thanks again Dave :-)

  3. I agree with Dave,
    Nice simple solutions, seems to work ok, not been spammed yet.
    Thanks for sharing.
    Martyn

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>