Web Administrator's Guide
Wednesday, December 04, 2013
How do I block junk form submissions from my site?
Yes, actually there is. It requires you to place a small amount of HTML code inside your form, and it should eliminate the vast majority of junk responses you are getting from your online forms.
How to use it...
Go to your form page and click Source on the editor toolbar. Use CTRL+F (Windows) or CMD+F (Mac) to search for "</form>", which should then be highlighted for you. Click on the line just above the </form> tag, paste the following piece of HTML code there, and then save your page:
<div class="hidden"><textarea name="EmailBotInfo"></textarea></div>
Note: Be sure you use this code only once within a form. Using it more than once within a form will cause the form to not submit properly.
What it is...
First, a little bit of background on this problem. There are two primary causes: 1) programs or "bots" (a.k.a. spambots) that comb through the code of webpages looking for forms or email addresses and use scripts to fill out and submit the forms or send emails, and 2) humans who are used in place of bots or who are trying to market or sell something. Because of the expense, humans are rarely used in place of bots, and this is much more likely to occur on an online discussion forum or a page with a comments area. There are many ways to prevent junk form submissions from being sent, and generally a combination of a few of them is necessary to eliminate close to all of them. The method we use for the system-generated Contact Us page, and are suggesting in this article, will mainly prevent submissions by bots. It is not effective against human spam submissions and, unfortunately, not much is, including Captcha images, which end up stumping more legitimate form submitters than anything else.
How it works...
This small piece of code adds a text area to your form which has a special CSS style applied to it that makes it totally invisible to human submitters. Since bots read the code of the page and do not see the UI of the form (User Interface - what humans see and use), they will generally enter some value into every field of the form just in case some or all of the fields are required. This allows them to submit the most forms in the least time. But since bots are not usually intelligent enough to piece together the CSS information with the associated form field, they don't know that they shouldn't put something in there. In the technical world, this is known as a "honeypot". When the server tests whether there is a value in that particular form field and finds that there is, the form submission is simply discarded. The bot thinks all is well and moves on to the next form/page/site.
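The server-side test described above, sketched in Python as an added example (it is not the system's own code). The field name EmailBotInfo comes from the snippet on this page; the response text, the handle_submission and honeypot_tripped names, the outbox list standing in for the mail step, and the sample submissions are assumptions made for illustration.

```python
from urllib.parse import parse_qs

HONEYPOT_FIELD = "EmailBotInfo"  # field name from the HTML snippet on this page
THANK_YOU = "Thank you, your message has been sent."  # assumed response text


def honeypot_tripped(form: dict) -> bool:
    """Return True when any copy of the hidden field carries a value."""
    # parse_qs gives a list per field name, so a duplicated field is checked too.
    return any(form.get(HONEYPOT_FIELD, []))


def handle_submission(body: str, outbox: list) -> str:
    """Process one urlencoded POST body; outbox stands in for the mail step."""
    # keep_blank_values=True preserves the empty honeypot a real browser sends.
    form = parse_qs(body, keep_blank_values=True)
    if not honeypot_tripped(form):
        form.pop(HONEYPOT_FIELD, None)  # never forward the trap field itself
        outbox.append({name: values[0] for name, values in form.items()})
    # The response is identical either way, so a bot gets no sign it was dropped.
    return THANK_YOU


# Constructed sample submissions (not real traffic).
HUMAN = "name=Ana&email=ana%40example.org&message=Hello&EmailBotInfo="
BOT = "name=x&email=x%40example.org&message=buy+now&EmailBotInfo=buy+now"

if __name__ == "__main__":
    sent = []
    for sample in (HUMAN, BOT):
        print(handle_submission(sample, sent))
    print(sent)  # only the human submission was delivered
```

Logging the discarded submissions instead of dropping them without a trace makes it possible to confirm that no legitimate visitor is being filtered.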
Why this instead of Captcha or other types of human intelligence tests...
The "honeypot" method is preferred over Captcha and other types of HITs due to the fact that it requires no action on the legitimate form submitter's part. Simply put, fewer barriers to human submission equates to higher quality and quantity of submissions.