Stop spam without the use of capture

Sept. 1, 2010 - PRLog -- With time your form becomes a goal of people or programs that will try SPAMMING using your form. With the right form data validation they won't be spamming from your form to other people, but you can finish a getting of random junk form submissions yourself.


» CAPTCHA
http://phpforms.net/tutorial/tutorial.html

A visual CAPTCHA is often used for a spam separation. CAPTCHA is a bitmapped image with random numbers and/or letters.

But there are several issues used in the visual CAPTCHA and unless you have a high-volume website you should try using simple checks instead. Even W3C suggests using different possibilities and approaches.

» The simple alternative

But if you have a high-volume website you can try to use a simple text confirmation code.

All what you need is an input field and a PHP code to check the entered code. Here is an example code for the HTML form:

Access code: < input /><  br />

Please enter < b>MYCODE above.

Then you can simply the check if the entered code matches, with a PHP help. Please, compare the code in lower-case to avoid issues with a typing in CaSe SeNSiTiVe code:

If (strtolower($_POST[‘code’]) != 'mycode') {die('Wrong access code');}

The form will be submitted only after the time, when the person enters the correct access code.

» This is too easy and ineffective, isn’t it?

You can say that this is very easy way and spammers won't have any problems typing in the access code. But remember two things:

  1. The most of spammers use automated programs ("spam-bots"). While you have a high-traffic web-site with a lot of users it is very unlikely that anyone will create “spam-bots” to read and post your specific access code just to send SPAM to one user.
  2. If SPAM in your form is provided by an actual human it doesn't matter if you are use Captcha because this person can read it, that’s why it doesn’t matter what security level it has. Luckily SPAM provided by human is a very rare event, these people are too lazy and get preference to program spamming on a large scale.

If your form is getting spammed, please try this method at first, instead of a visual Captcha, you will be surprised by the effectiveness of this method.

For the people you want to provide more secure, here it is some methods you can do it:

  1. Access the code changing from time to time.
  2. Access the code on some other page placing, not the one the form is on. For example instead of as suggested above
     Please enter MYCODE above.
     Please, write something like this:
     You will find the Access code on our "about us" page.

     Then you may place something like this on your "about us" (or some other) page of your website:
     Access code for our contact form is MYCODE

     Such way you separate the access code from the form and it makes even less sense for anyone to create spam-bots to target your website specifically.

This is a good alternative to Captchas, you may try it. Later you can try other methods if it doesn't work for you.

# # #

PHPForms is a web form builder that allows anyone to create email forms within just a few minutes. You will only need to create a PHP form and generate a code that can be easily copied and pasted to any web page.
http://phpforms.net/tutorial/html-basics/php-forms.html