Nobody likes spam. It is obnoxious, annoying, and a waste of time. Unfortunately, anyone with a website that contains a form has had to deal with it at some point. It doesn’t matter what the form is for—lead generation, customer service or a simple newsletter signup—there will always be spam submissions.
In this post we will review some proven techniques and updated methods on combating spam form entries.
When building a form for your site, paying attention to the fields used and their purpose can help reduce the risk of spam entries before the first entry.
Using a multi-page form is beneficial as it can help verify longer forms for legitimacy. This helps by tripping up any spam bots at multiple validation points, reducing their chances of submitting the form. Multiple pages is something to use for longer forms, especially for ones that may collect payment or other sensitive information as a later step.
Often forms require a person’s email address as an input. While it is not difficult for a spam bot to add a made-up email, having a user enter it twice or verify it by receiving a message can trip them up. There are also third-party service providers that can offer more advanced email validation services.
URLs in Entries
Frequently, spam has the goal of prompting or tricking users into clicking on malicious URLs. It is always a good idea to be skeptical about any URL in an entry, especially if a URL is not requested. Reviewing and validating form entries for URLs can be an indicator of spam.
A honeypot is a technique used to lure spam bots into a trap by including a field which is hidden from visitors but is visible to bots. This can catch a lot of the less sophisticated spam bot’s attempts, and can be relatively simple to implement. Most form management tools include this as an option. It works by simply copying an existing field that is then visually hidden. If the form is submitted with the hidden field filled out it can be flagged as spam as only a bot should have seen it.
Captcha challenges were specifically designed to stop bots from being able to complete a form by giving a task not easily completed by a computer but simple for a person. These usually include a visual task asking a user to identify obscured letters or images that contain objects. These work to great effect, but can hurt the user experience of the form as it requires the user to complete an additional task.
The most commonly used Captcha challenge is reCaptcha managed by Google. As mentioned above, it gives users a simple visual task to complete. While this does slow down the conversion process, the information gained from the challenge helps improve it for the future. There is even invisible reCaptcha that allows forms to verify if an interaction is legitimate without any additional user input.
Spam filters continue to improve more and more each year. There are many third party services out there that offer various levels of spam protection. These offer much more advanced techniques that would be difficult to manage on your own such as IP Blacklist, Content Filters, and Machine Learning.
These should be able to catch the majority of spam from form entries, but no spam filter is perfect. You can improve your site spam filter by helping it recognize any that manage to get through by marking these entries as spam. The more examples it has to pull from, the better it will be able to recognize spam from legitimate entries.
These techniques used together should block the vast majority of any spam entries. Reviewing and revisiting periodically will help you maintain and improve your website’s form. With the spam entries out of the equation, you can save time, improve lead quality and conversion rates, and spend more time focusing on what matters most, your users and your customers.