Tips for Combatting Form Spam, without having to use Captcha

News Section - Tips for Combatting Form Spam, without having to use Captcha

Developer Blog from Mike Irving - Tips for Combatting Form Spam, without having to use Captcha

Captcha / Image Verification is a great way to combat website form spam, such as bot-generated enquiries that ultimately end up in your inbox.

You can see an example of a Captcha / ASP Image Verification technique on my Contact page.

However, some people take the view that forcing the user to enter some Spam Protection text, whether is be alpha-numeric or the sum of two numbers, isn't ideal.

For a start, it may put the user off using your form, or the user may enter the verification text incorrectly.

Also there may be issues with the "Captcha" rendering on occasions, or being blocked by an over-active anti-banner system.

There are a number of things you can do, both Server-Side and Client-Side, to reduce Form Spam without any user interaction.

Here are some tips:

Set a minimum delay between which a user could reasonably be expected to have returned the form, i.e. 10 seconds. Check the time spent filling out the form Server-Side once it has been submitted.

If the above fails, one way to combat multiple spam emails is to set a mximum number of form submissions per minute, again check this Server Side.

Check the Referrer of the Form to the Submission Page in your ASP / .Net Handler. If it's not from your site / contact page, it's probably spam, so you needn't send the email.

Don't set an action variable in the contact form, have JavaScript set it Client-Side upon Page Load.

Alternatively... Use Captcha / an Imaging approach.

If you are developing in Microsoft Visual Studio / Visual Web Developer, then Microsoft's ASP.Net Ajax Control Toolkit has a handy component called NoBot, which you can quickly and easily drop onto your form pages, to achieve some of the above techniques.