How To Stop Form Spam Emails WITHOUT Using Captcha
If you have a website, you should have a contact form. If you have a contact form, you will no doubt have encountered spam. If you have encountered spam you’ll have pulled your hair out or bought something dodgy from Russia.
In any event, to overcome this you’re more than likely to have introduced a maths quiz or a lesson in reading hieroglyphics to your contact form, to ensure only humans fill them in – but it’s quite possible that at some point you’ll have put off people from filling (or being able to fill out) your form by making them decipher something like:
Essentially, you want to make it as easy as you can for your visitors to fill in your contact form, whilst making it as difficult as possible for spambots to get through your validation.
One technique that we have adopted of late has seen great success in doing this and (for now) we feel as though we’ve beaten the spambots at their own game.
When putting together a form that, for example, requests name, email & company – insert a text input box and whilst sticking to your naming convention, call this something like title.
<input id="this_title" type="text" name="this_title" value="" />
<input id="this_name" type="text" name="this_name" value="" />
<input id="this_email" type="text" name="this_email" value="" />
<input id="this_company" type="text" name="this_company" value="" />
However, use CSS to make the title field invisible to users – as it’s within the HTML, it will still be seen by bots and as it is the first field in the form, they will fill it in.
Then, in the script that deals with your form processing, just dismiss any form submissions where the title has been filled in:
$this_form_spam = $_POST['this_title'];
if ($this_form_spam == "")
// process the form and send email
// mock and laugh in the face of spam
So far so good, it appears to have a 99% success rate (give or take) and everyone is happy – you don’t receive spam and the spammers think they’ve spammed you.