My website’s contact form is getting spam submissions

Posted on by

I’m going to preface this by saying that having forms on your website is a great idea. Just know that by doing so you will get some spam emails come in, just as you do legitimate ones.

Types of spam

The most common types of spam you’ll get from your form are ones promoting their services – which are almost always a terrible idea to follow up on. Get to the top of Google, or Fix your Love Life, or Cheap Web Design Today – all emails you’ll probably want to trash.

I’m getting ALOT of spam from my contact form

Now, if you are receiving a lot of spam from your form it’s likely because your form is wide open to abuse. Bots can be programmed to auto-fill and auto-submit forms on your website, and a particularly persistent one can do so faster and more regularly that a human can, resulting in a huge flood of spam emails.

To stop the deluge you have several options

Add a hidden form field

Create a form field that appears only for the bot – and not for humans. Since bots read the HTML of a website, you can use some styling tricks to hide the field from human view. Then, if that field is filled out in the submission, your form processing script will know if was filled out by a bot.

Add a captcha

Add a captcha – a form of skill testing question – designed to be easy for humans and hard for bots. This does have the knock-on effect of annoying your legitimate users, but a small price to pay for those who suffer from a lot of contact form spam. Google’s reCaptcha is a good option, but you can always do something a little simpler – how about a skill testing question?

Use sessions or cookies

I like to set what’s called a ‘nonce’, or a number used only once which is tied to the current website guest. Because only guests will have this nonce, you can test for it on your form processing script.

WordPress

The popular WordPress contact forms all offer some spam mitigation options. I recommend most users go with Gravity Forms, and their captcha option is pretty solid. Plus, Gravity Forms allows you to build some pretty complex forms, and it will log all of your submissions – something that’s critical for Request a Quote, Request for Information, and other form submissions that you definitely DO want a record of.

 

Written by Shawn Wernig

Shawn Wernig

Lead Creative at Eggplant Studios

Shawn Wernig is the lead creative behind Eggplant Studios. While not full time (let's face it, more than full time) designing websites for his clients, Shawn enjoys good beer, double-doubles, and hiding from his phone.