Are you tired of receiving form spam? You are not alone and should not feel you are doing anything wrong. You are just trying to conduct business and making your customer experience as enjoyable as possible. Here are a few tips to help you in your quest.
Form validation is a good start. You will need to validate the information on the client and server side. Some clients have JavaScript disabled and spambots do not use the SUBMIT button. Server side validation consists of checking all the fields before it is sent to email. However, this means you will need to create specific mailer programs for each form that has different fields.
CAPTCHA is great! However, in order to accommodate people with poor vision and also color blind people, CAPTCHA is just a step in the process. You should make your CAPTCH simple enough not to hinder your customers. Just having any form of CAPTCHA on your forms will chase away the casual spambots.
Another idea is to change the name of your mailer program. Godaddy uses gdform as the name of the mailer program. Change it to another name, like mygreatform. Now call mygreatform from the action part of your HTML form. However, this will just chase the spambots looking for gdform within the action part of forms.
Here is another simple trick I have used in the past. Create a hidden field that only spambots can see. This is not hard to do. Add the following to your HTML form: <input type=’text’ name=’mycomments_2′ id=’email_2′ value=”> . This will create a field on the form that viewers will not be able to see, but spambots will fill out. Now, handle the field.
Handling the field is straight forward in PHP. Within the form mailer program, before anything gets started. Add the following test:
if(strlen($_POST['mycomments_2']) != 0) { header(“Location:
http://anywhere/"http://anywhere you want.com”); }
If you are using a hosting plan mailer, you want to place the above script inside both the
“$request_method == “GET” and “$request_method == “POST”
, that way you get the spambots regardless of how they send them spam.
I would recommend using all the above. The most difficult to implement will be the CAPTCHA; however, the others should only take about 30 minutes. Remember, your forms are for your customer’s convenience and should not become an obstacle. So, do not become so infatuated with form security that your customers no longer want to fill out your forms.
Enjoy and please let everyone know how you deal with form security.