February 19, 2015
Spam-proofing Your Website Forms
Preventing spam on your website, email or blog can at times feel like a full-time job in itself. Bots are relentless little beings, and so are spammers in general.
What Is Spam?
Spam is the internet’s equivalent of junk mail – it’s junk email (and messages and comments and tweets and posts) if you will. Normally, when we talk about spam, we are specifically talking about a flooding of the internet with lots and lots of copies of the exact same message, which is generally used to try and force this message onto people who would not otherwise choose to receive it. However, some people define spam even more broadly as any unsolicited message, email, comment etc.
In most instances, spam is used for commercial advertising, though usually these will be for questionable products, get rich quick schemes, or sometimes quasi-legal services.
As black-hat tricks go, it is a little, well, old (black) hat in this day and age. Indeed, we’ve all had to put up with spam attacks for years, and, frankly, they’re more of a nuisance than any real threat. But a nuisance they are – especially if it is your machine that becomes compromised and is set up as the unwitting launch pad for a spam attack.
The Honeypot Technique
One form of spam prevention is known as the Honeypot Technique. This is considered to be one of the fastest, easiest and most effective methods of preventing spam.
One of the best things about the technique is that it does not interfere with the user experience – something that some prevention techniques unfortunately do (see below). The Honeypot Technique requires no additional input from the user, and in fact they won’t even realise that you’re using it.
If you’ve got a form on your website that you want as many genuine leads to fill out as possible, then the last thing you want is a load of spam bots filling it out and skewing your metrics with junk data.
To implement the Honeypot Technique you will need to get a little technical. What you need to do is add a hidden form field to the form in question. When a spam bot encounters a form, it will fill in every field it comes across – and so the trick is to make one of those fields invisible. When a real user fills out the form, they won’t be able to see the invisible field, and will therefore leave it blank. However, the spam bot will be able to see it, and will therefore fill it out, thus alerting you and your system that the submission can be treated as spam.
Here’s an example of the CSS rule of the type that you will need to use when coding your form:
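An added example, not the original post's code: the CSS rule and hidden field described above, together with the server-side check that acts on the field. The field name `website`, the class `hp-wrap` and the function `classifySubmission` are assumptions chosen for illustration.

```javascript
// Added example. Field name, class name and function name are assumptions.
const HONEYPOT_FIELD = "website";

// Markup served to the browser. The CSS rule moves the decoy off-screen;
// aria-hidden and tabindex="-1" keep screen-reader and keyboard users out of
// it, and autocomplete="off" asks browsers not to autofill it.
const FORM_HTML = `
<style>
  .hp-wrap { position: absolute; left: -9999px; height: 0; overflow: hidden; }
</style>
<form method="post" action="/contact">
  <label>Email <input type="email" name="email" required></label>
  <label>Message <textarea name="message" required></textarea></label>
  <div class="hp-wrap" aria-hidden="true">
    <label>Website
      <input type="text" name="${HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <button type="submit">Send</button>
</form>`;

// Server-side check on the raw application/x-www-form-urlencoded body.
// A browser submits the decoy as an empty value, so a filled decoy or a
// missing one is treated as spam.
function classifySubmission(rawBody) {
  const fields = new URLSearchParams(rawBody);
  const decoy = fields.get(HONEYPOT_FIELD);
  if (decoy === null) {
    return { spam: true, reason: "honeypot field missing" };
  }
  if (decoy.trim() !== "") {
    return { spam: true, reason: "honeypot field filled" };
  }
  return { spam: false, reason: "honeypot empty" };
}

// Constructed sample submissions (not real traffic).
const samples = [
  "email=ann%40example.com&message=Hello&website=",
  "email=bot%40example.com&message=Buy+now&website=http%3A%2F%2Fspam.example",
  "email=bot%40example.com&message=Buy+now",
];
for (const body of samples) {
  console.log(classifySubmission(body).reason);
}
```

The hidden field does nothing by itself; the submission is only filtered once the server runs a check like this and discards what it flags.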
Spam Prevention Options To Avoid
As mentioned above, what is so great about the Honeypot Technique is that it neither interferes with nor degrades the user experience. It is completely hidden from the form and the site. It is an unseen sniper that picks off spam attacks in broad daylight without the general public having to know anything about it.
There are other options that you can use, of course. Some are equally effective in terms of detecting and deflecting spam; however, they are not quite so good when it comes to user experience.
A captcha (completely automated public Turing test to tell computers and humans apart) is an image that displays text in a manner that is not easy to read. Another name for this is challenge text. We’ve all come across them, and when we do we are asked to type into the appropriate field the text that we can decipher with our human eyes that a spam bot cannot with its spammy ones. The challenge, as it were, is set – if we can complete it, then we verify to some extent that we indeed have a higher level of intelligence than a spam bot, and so must of course be human.
Spam bots have trouble reading this type of text firstly because it usually appears in an image rather than in HTML markup, and secondly because they are normally unaware that the form field in question is looking for a specific entry (i.e. what’s written in the image) and just fill it in with their usual junk.
Although a captcha is an effective way of shielding your site from spam, it nonetheless degrades the user experience. These types of forms are a nuisance to fill in, and indeed account for a number of bounces and page abandonments.
A second captcha-style option is to implement a question and an answer field. So, for example, your sign-up form may include the question: What colour is the blue sky? A human should be able to answer that question very easily, whereas a spam bot won’t, and, again, will just fill the field with junk, and thus be denied access to your site.
Spam, unfortunately, is not going anywhere anytime soon. However, there are a few techniques that you can use to prevent the attacks on your website, and by far the best one is the Honeypot method, which does not interfere with the user experience of your site at all. It is the least invasive method, and, since you always want to keep your users in mind, that’s the one to go for.