Spam, spam, spam! Web form spam

Article Summary

Everyone’s website contact forms are under increased spam attacks. Web form spam is on the rise, but it is different now. There are two types of spam you receive from your website contact forms: bot and manual spam. Make your forms more complex to battle manual spam.

Web Form Spam: Bots

We’ve all heard the word ‘bot.’ A bot is an automated piece of code that automatically fills in the fields on your website contact form and then sends.How to Discourage Web Form Spam from Bots

Several techniques can be used to prevent form bots, CAPTCHAs, form bot traps, or even double opt-in forms.

This year, during our client monthly maintenance, we added bot traps to all client forms. Two types of bot traps that we added are hidden fields and honeypots.

You cannot see a hidden field or a honey pot on your form. These elements are not visible in the front end. But bots see them! The automated software will either get ‘trapped’ in the honeypot by filling out the field. When this happens, you never see the spam. The server knows to deny that attempt immediately.

If a bot gets past the honeypot, the next challenge is a hidden field. Bots must type the exact hidden field phrase. If not the correct phrase, the bot cannot complete the form.

We’ve locked your forms down from bot spam. What you are receiving now is spam from humans filling out your form and hundreds like yours every hour.

Web Form Spam: Manual

Manual spam, also called human spam, is what most website forms are combating in 2024. It is not an automated code or a bot, but rather humans are completing your forms. Humans can answer questions, click checkboxes, and auto-fill messages. Manual  spammers have risen in popularity because browsers offer increasingly sophisticated autofill options.

You’ve probably appreciated not having to type your name, email, phone, etc. in forms because it automatically fills for you (setting and browser dependent). A human spammer, depending on your form, can auto-complete your form in seconds.  It is possible to turn off autofill, but it is not recommended as it is often useful for visitors to your site.

For a long time, form philosophy was to “make the form easy.” You would not want to deter a visitor from reaching out.  This philosophy still prevails if you do a Google (or AI) search, but the tide is turning. At NG Media, we are keeping up-to-date with recent recommendations.

The emerging philosophy is to make your contact forms more complicated and, therefore, less susceptible to autofill.

This means you should ask your visitors specific questions and try to understand their needs upfront through your form. What service(s) are you interested in? Where did you hear about us? Are you ready to begin your project? Would you like us to contact you by phone or email?

Those kinds of questions cannot be auto-filled. Only you have the content knowledge about questions you would like answered from the visitor.

How to Discourage Web Form Spam from Manual Spammers

The best defense against manual spam is more complicated forms with unexpected fields and requests for information. We have clients that rarely, if ever, get spam. Here are a few examples. See if you can see why:

Web Forms Should be More Complex

Website forms should evolve into more complex interactions with the visitor. This includes more checkbox or select options, applying conditional logic to form fields, and even step-progress forms. An earnest visitor hopes you will see their inquiry in the end, and will not mind the more personalized form experience.

Let us know how we can help with your forms!

A quick outline of the topics covered in this article.