5 Ways to Stop Form Spam

5 Ways to Stop Form Spam

Spam has become one of the unavoidable evils of the internet. Anyone with an e-mail address has had to deal with the occasional junk message. Though most e-mail providers have gotten better about filtering out spam e-mails, evil-doers still tend to find a way through now-and-again. Unfortunately, if you own a website with any type of contact form, there’s a good chance that you’ve received abnormal amount of unwanted e-mails delivered through it. Bots and other unsavory types crawl the internet looking for items like forms and unprotected e-mails that they can exploit to get their message across. If you get targeted by form spam, it can mean bad new for your inbox!

Unfortunately, the spam doesn’t stop there. Comment forms, bulletin boards and other such repositories for user-created data also tend to attract spammers from far and wide. The good news is that there are multiple ways to protect your website and your inbox.

5 Ways to Stop Form Spam:

1. Add a Captcha to your Form

form spam captcha

reCAPTCHA is Google’s popular captcha solution.

Perhaps the most popular and easy-to-use option is to add a captcha to your form. A captcha is a small test that you must pass to prove that you are a human filling out the provided form, rather than a bot or program. These captchas are usually images of slightly distorted words that you must enter correctly to continue. However, captchas are constantly evolving to stay one step ahead of the spammers. Now-a-days you’ll also see captchas that make pass more elaborate tests, such as choosing certain images or solving a math problem. Captchas are highly effective against automated form spam attempts, however if another person is choosing to fill out a form to send you unwanted mail, this will rarely stop them. Captchas are a great first line of defense though, and will block the majority of spam that you will receive through contact forms or comment forms.

2. Use a Honeypot

form spam honeypot

The “Anti-Spam Honeypot” option in Gravity Forms – a popular WordPress form plugin.

A “honeypot” is an appropriately-named way to trick automated programs into identifying themselves. This is usually in the form of a field that is hidden from the everyday user by way of styling or scripts. A spam bot that’s crawling your site looking for forms to exploit does not display styling or run scripts, so it will see this form that the typical user does not, and most of the time, fill out that field. Before the form is sent, it checks to see if this trap field is filled out. If it is, then it’s determined that it’s a bot, and the message is discarded. Many modern form services have started including honeypot options in their settings, so it’s as quick as clicking a button to get this level of protection enabled. Just as with captchas, this method prevents the majority of form spam, but will do nothing to deter an actual human being filling out your form.

3. Don’t Allow Links

Comment form spam typically includes a wealth of links that you wouldn’t want your website associated with. To help prevent spammers from spreading their links through your form, try adjusting your settings for links in comments. Many comment providers will include options such as:

  • Disallow links in comments entirely, preventing the user from submitting the comment until they remove the link
  • Mark any comments that include links as needing approval before they are posted
  • Remove the “website” field entirely, to not encourage users to add their links to their comments
  • Don’t create hyperlinks out of urls that are displayed in comment messages
  • Add the nofollow attribute to any links in comments to discourage spam and prevent any SEO benefit to spammers

4. Use a Service to Filter Form Spam

Form spam filtering optionsUsing a plugin, such as Akismet Anti-Spam for WordPress, is an excellent way to protect yourself against comment spam. Plugins like Akismet will grab all of the comments that come into your blog and look through them using their own very effective algorithm to determine if the comment is spam. If so, it will throw the comment right into the spam box so it doesn’t appear on your website. Other comments can be held for approval by you before they are posted. Since this method does a great job against protecting you from both human and bot spammers, it’s an excellent choice if it’s available to you and even better when paired with a captcha and/or honeypot.

5. Check Your Comment Settings

Another sure-fire way to discourage automated spam bots from hammering your blog posts is to require users to have an account to post. Whether this is a WordPress.com account for your WordPress backed website, or another commenting service on your blog, there’s often an option to require users to login first. It’s important to note that you also want to make sure the people who register for accounts must confirm that account with their e-mail address before it is activated and allowed to post. Most bots will use junk e-mail addresses that cannot be confirmed, and thus will not be able to create accounts or post.

There are a variety of other typical settings that can assist in your fight against form spam. Try looking for settings such as the following:

  • Only approve comments for authors that have already been approved
  • Only allow comments on new articles
  • Require users to enter a valid name and e-mail address
  • Black list comments with certain words

It’s important to note that often a combination of these methods is the best practice for securing your website forms. Plus, the fight against form spam is a constant one. Consider investing in a maintenance plan, or otherwise being vigilant about any updates provided by form or anti-spam services that you use to make sure you have the latest and greatest form security. Spam bots beware!

Do you feel like you’re losing the battle against spam? We can help! Contact us today to find out how we can help you protect your website and your inbox.

More Posts: