How to Stop Contact Form SPAM

The majority of the websites I develop for clients have contact forms on them for a variety of reasons. First, it’s more convenient for users to fill out a form within their browser window as opposed to requiring them to open up their email software to write an email from scratch. Second, it’s the primary method of measuring generated leads/conversions, and clients can require exactly the information they need to qualify leads. Third, by using a contact form, clients won’t have to publish an email address on the site for spam bots to harvest. However, contact forms are definitely vulnerable to being flooded with spam and that’s why I am writing this post on how to prevent exactly that. I use a variety of methods which tend to prevent 99% of automated spam submissions:

Step 1. Validate The Form Fields – Check to make sure all required form fields are filled out before processing the form. I posted about a generic form validation script awhile back, and I would still recommend it. It uses JavaScript to check that every required field is filled out and checks that the email address is formatted correctly. It’s simple and nothing fancy. However, it would not be very effective on its own since most bots bypass any JavaScript security measures.

Step 2. Validate The Referrer – If you are using a separate file to process the form, make sure to validate that the form is being submitted from the page with the contact form. This will prevent bots and spammers to automatically access the processing file to spam it. However, the referrer can easily be spoofed and often is, so this method alone is certainly not bulletproof.

Step 3. Hide Fields with CSS – Most bots and spammers will automatically fill out every form field that is on the page. One way to stop them is to insert a blank field in the form but hide with CSS “display: none;”. Add some code to your form processing file to check to ensure that the hidden field remains empty; if it’s not, it’s most likely filled out by a spammer and thus should not be processed.

Follow those 3 steps and you’ll be much better protected against contact form spam.  There are definitely additional measures you can use such as more complicated JS validation, CAPTCHAs, and asking simple questions that only humans can answer (1+2=?, what color is a cardinal?, etc.), but I’ll write more about those in another post.

JavaScript Generic Form Validation Script

Here’s a simple JavaScript form validation script that is easy to implement.  It’s not rock solid but it’s a decent solution for a lot of sites.

http://www.techtoolblog.com/archives/javascript-generic-form-validation

Styling Unordered Lists with CSS

I always seem to forget the steps I take in order to style unordered lists with CSS so I’m outlining the process below so I’ll always have it to check back on for future use. And maybe you’ll find it useful, too.

(Note: I ALWAYS use a “reset.css” stylesheet to strip out all of the browser-default styles. Doing so means that I won’t have to reset those styles in the declarations below.)

Style for UL

ul.class{
padding-left: 10px;
}

Style for individual listed items

ul.class li{
background-image: url(images/bullet.gif);
background-repeat: no-repeat;
padding-left: 8px;
background-position: 0 12px;
line-height: 20px;
padding-top: 5px;
padding-bottom: 5px;
}