Simple Ways To Reduce Contact Form Spam
About every three weeks or so, I have a client or website owner ask me if there is anything I can do about the masses of contact form spam they seem to receive on a daily basis. As I'm sure you can appreciate, stopping spam completely will never happen. However, here are a few simple tricks and solutions I use to cut down the spam they receive.
Check Form Fields For Popular Spam Phrases Such As Viagra or HTML/BBCode, etc
A lot of spam follows a similar pattern: it will include common phrases such as "viagra" or "cialis", or HTML tags, BBCode, script tags and so on.
Almost every legitimate user filling in a contact form has no need for these tags/words, so you can easily set up an IF check in your code to look for these blacklisted terms and stop the email from being sent if they are found.
In your error message you can offer a phone number or direct email address to push any legitimate users back in the right direction.
Use Hidden Field Inputs Such As "Address" To Stop Automation
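Add an extra input such as "address" to the form and hide it from human visitors (for example with CSS). A legitimate user never sees the field and leaves it empty, while automated bots tend to fill in every input they find. Using a simple IF statement, we can block any forms that have something entered in the "address" field.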
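The two checks above (blacklisted phrases and markup, and the hidden "address" field) can live in one server-side function. The following is an added example, not code from the original post; the function name, tag list and fallback message are assumptions to adapt to your own form handler.

```python
import re

# Assumed blocklist; extend it with phrases seen in your own spam.
BLOCKED_PHRASES = ("viagra", "cialis")
# HTML or script tags such as <a href=...> or </script>.
HTML_TAG = re.compile(r"<\s*/?\s*[a-z][^>]*>", re.IGNORECASE)
# Common BBCode tags such as [url=...], [/url] or [b] (assumed tag list).
BBCODE_TAG = re.compile(
    r"\[\s*/?\s*(?:url|link|img|b|i|u|color|size|quote|code)\b[^\]]*\]",
    re.IGNORECASE,
)
HONEYPOT_FIELD = "address"  # hidden input that real visitors never see

# Placeholder text: put your real phone number or email address here.
FALLBACK_MESSAGE = (
    "Sorry, your message could not be sent. "
    "Please phone us or email us directly instead."
)


def check_submission(form):
    """Return (ok, reason) for a dict of field name -> submitted string."""
    # Honeypot: anything typed into the hidden field means automation.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot"
    for name, value in form.items():
        if name == HONEYPOT_FIELD:
            continue
        lowered = value.lower()
        for phrase in BLOCKED_PHRASES:
            # Whole-word match, so "specialist" does not trip on "cialis".
            if re.search(r"\b" + re.escape(phrase) + r"\b", lowered):
                return False, "phrase:" + phrase
        if HTML_TAG.search(value):
            return False, "html"
        if BBCODE_TAG.search(value):
            return False, "bbcode"
    return True, ""


def handle(form):
    """Return the text to show the visitor; send the email only when ok."""
    ok, _reason = check_submission(form)
    return "Thank you, your message has been sent." if ok else FALLBACK_MESSAGE
```

Log the returned reason on the server rather than showing it to the visitor, so you can see which rule is rejecting mail and spot false positives.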
Block Nuisance IPs or Offending Countries
Typically spammers operate over a large range of IP addresses. However, some IPs can be repeat offenders and can be blocked using a simple deny rule in your .htaccess or the "IP Address & domain restrictions" page on IIS.
You may also spot that particular countries are hotspots for spam on your forms. These can also be blocked, but this is an extreme measure, and the pros and cons of losing such a large user base must be weighed up.
Block Offending User Agents
Again, just like IP addresses, you may notice certain unusual user agents that frequently submit spam on your forms - you can block these from accessing your website. However, changing a user agent is very easy, and this technique probably won't save you from any above-average spammer/bot.
A Word On CAPTCHAs & Spam In General
A common go-to these days is to implement CAPTCHAs as a method of fighting spam. These simple word checking systems have become prolific over the internet, but they act as a massive roadblock to common users - especially if your user base consists mainly of new visitors (think ecommerce stores) who don't yet have loyalty or a high tolerance for guessing your cryptic word images.
Over the years, I've become disillusioned with CAPTCHA systems as they seemingly get harder and harder to guess correctly (Yes Google...I'm looking at you!).
I would strongly suggest against the use of a CAPTCHA, as the return is simply not worth the potential for losing potential customers who may struggle to guess them right.
Spam messages can be annoying. However, unless you're being flooded with thousands a day, you should be able to continue as normal and not risk losing potential customer emails/leads via your contact form.