Web Form Spam: What It Is and How to Prevent It

The internet has evolved a lot over that past 25 to 30 years.  We have upgraded from slow wired connections to high-speed Wi-Fi connections and the tools available have made it much more convenient to surf the internet and quickly find the information we are looking for.  The internet has also had a major impact on businesses of all types as online marketing opportunities have made it easier for businesses to reach and even interact directly with their customers.

However, there is one problem that has been around for as long as people have been using the internet, spam.  Spam comes in many forms including spam emails, direct messages, comments, and social media posts.  One type of spam that is especially aggravating for businesses is form spam.  Many businesses and institutions have contact forms on their websites for visitors to leave comments, sign up for newsletters and submit requests for their services.  These contact forms can be targeted by spammers and spambots, leading to dozens, or even hundreds, of spam form submissions in your inbox.

Spam form submissions are annoying because they can skew your true form submission numbers and bury legitimate form submissions.  In this guide, we will explain what form spam is and what you can do to prevent spam from taking over your form submissions.  Working with a web design professional like Proceed Innovative can help you identify issues with form spam and get suggestions on how you can prevent it.

What is Form Spam?

Form spam is the submission of website forms by human scammers or spambots with malicious intent.  The information in these form submissions is false and they may contain abusive language, ads to other websites, or links to phishing websites and sites that download malware.  There are several reasons scammers target websites with spam including spreading malware, stealing personal information, placing invisible links, and even hijacking control of the website.

Hacker - Cyber criminal

How is Spam Done?

Spam can be spread manually by human users and it can be spread by spambots that are programmed to search for and attack website vulnerabilities.

  • Manual spamming: Manual spamming is when humans fill out and submit web forms manually with false information and harmful links. In many cases, manual spammers are attempting to build links back to a specific website, but they may also spread malware and links to malicious websites.  It is very difficult to stop manual spammers because they can get past many anti-spam measures like CAPTCHA.
  • Spambots: Spambots are programs that automatically search the internet for forms, comment sections, and other avenues to submit their information. These bots can be programmed to leave junk text and links in form submissions and comments, and they can perform more malicious activities such as taking personal information, spreading malware, or hijacking control of a website.  This form of spam is easier to stop because bots have a difficult time getting past certain anti-spam measures.

Why is it Important to Stop Form Spam?

It is beneficial for your website and your visitors to stop form spam.  One reason is because form spam can affect your website in ways that harm the user experience.  If your website has unmoderated submission of comments and testimonials, both can be filled with spam messages that contain advertisements, junk text, and links.  Users will become annoyed by the presence of spam and engage less with your website.  High spam traffic and submissions can also slow your website and bury legitimate contact forms that will make you slower to respond to real users.  Users will become frustrated if it takes too long for you to respond to their form submissions.

web spam

Another reason stopping form spam is important is because it can badly skew the analytics data for measuring website traffic and lead generation.  Spam form submissions artificially inflate the number of leads your website generates and someone has to take the time to go through each submission to find legitimate forms.  The inflated traffic numbers can also make it difficult to tell how much legitimate internet traffic your website attracts.

The next reason you need to stop form spam is to protect your website and your visitors from malware.  Links left in comments and form submissions may lead to phishing websites or websites that install malware or steal personal information.  The presence of these links on your website puts visitors at risk.  Spammers can also use form spam to gain control of part of your website and insert invisible links that give them an SEO advantage.

Tips for Preventing Form Spam Submission

Form spam is both annoying and potentially dangerous for your website and your visitors.  The following actions can help you prevent form spam on your website.

Offer Contact Forms Instead of an Email Address

It is important to give your visitors a way of contacting you, and it is safer to do this through contact form submissions than by displaying your email address.  If your email address can be seen on your website, spammers and spambots will find the address and send spam directly to your inbox.  Using contact forms will allow your users to reach you directly via form submissions and many have built-in security measures that will help block spam submissions.

Install Google reCAPTCHA

web formOne common anti-spam measure that was used for a long time was CAPTCHAs, which were tests designed to distinguish human users and prevent bots from submitting forms.  CAPTCHAs were effective for blocking bots, but they became an annoyance to users as some CAPTCHAs were difficult to figure out and would take users an extra 10 to 30 seconds to fill out and submit a form.  The use of these CAPTCHAs led to an overall decrease in form submissions.  Spambots also eventually learned how to bypass CAPTCHAs.

For these reasons, Google ended the CAPTCHA but introduced a spam protection measure called a reCAPTCHA.  The reCAPTCHA is a button that simply asks users to click to confirm that they are not robots.  This is easier and less time consuming for users and still effective for blocking most spam submissions.

Use Honeypots

Honeypots are a great spam protection alternative to CAPTCHAs and will not inconvenience your users in any way.  Basically, honeypots are bits of coding that display additional forms that appear only to spambots.  When this additional form appears, the spambot will automatically fill out all the fields and submit the form.  Once the form is submitted, the presence of the additional information will cause it to become flagged and rejected automatically so you don’t have to waste your time with spam submissions.

Legitimate users will not be bothered by honeypots because they are programmed to only appear to bots.  Using honeypots will create a more convenient experience for users because they will not be bothered by the hidden form and you won’t need to use a reCAPTCHA.  This can help increase the number of legitimately submitted forms.

Use Questions in Form Submissions

Adding a form field that includes a simple question is another effective way to protect against spam forms.  Make sure the question is one that can be easily answered by almost anyone.  A common type of question used in forms is a simple math question such as 2+2= with a small field to enter the answer.  If your website attracts international traffic, make sure this question is translated into as many languages as necessary to accommodate your visitors.

Don’t Allow Links

As mentioned in the previous section, one of the main goals of spammers is to place unauthorized links on websites.  One way to stop this is to not allow links in form submissions, testimonials, and comment sections.  This is effective for stopping spambots and manual spammers who are trying to add links to your website.

Confirm Email Addresses

Spammers and spam bots often use fake or throwaway email addresses on contact form submissions.  You can protect against this by adding an extra step to the submission process to confirm user email addresses.  You can do this by sending an email immediately to the email address given on the form with a link to complete the submission.  Users must log into their email and open the message to click on this link to complete the form.  Most bots will not take this extra step, and neither will human spammers if the email address they are using is fake.

You can also install plugins that can detect fake email addresses, new email addresses, and email addresses that have been used for malicious or manipulative behavior.

Use Time Analysis

You can help distinguish spam form submissions from legitimate form submissions by implementing time analysis to track the amount of time it takes to fill out and submit the form.  In general, it should take humans longer to fill out a form than a spambot that will fill every form field instantly.  The time tracking should start when a user has clicked on the form and end when the form is sent.

The one problem with this is that the autocomplete option allows legitimate users to fill out forms almost instantaneously which can make it difficult to tell this from the submission of a spambot.  To use this protection method effectively, you need to do some research to find the average time it takes a human to fill out and submit a form.  You can also add a question or reCAPTCHA which will cause humans to take a couple extra seconds to complete.

Limit and Block IP Addresses

You can help stop spam coming from a single source by limiting IP addresses to a certain amount of form submissions within a given timeframe and blocking IP addresses that exceed this limit.  You can also outright block IP addresses immediately if their activity is suspicious.

Protect Your Website from Form Spam by Working with the Web Design Professionals of Proceed Innovative

Proceed InnovativeStopping the submission of form spam will improve the functionality and user experience of your website and protect you and your users from malware and malicious actions.  These measures will also yield more accurate data for website traffic, lead generation, and form submissions that will help you better manage your digital marketing campaign.

In order to implement the spam protection methods discussed above, changes must be made to the backend of your website.  These methods require coding or the installation of a plugin.  If you do not feel comfortable making these changes to your website, you should contact a web design professional like Proceed Innovative.

At Proceed Innovative, we provide complete digital marketing services that include web design and maintenance as well as search engine optimization (SEO) and website analytics implementation and consulting.  Our web design experts can add the codes and plugins to your website to implement these spam protection measures, and our SEO team can analyze your website analytics to look for abnormalities that could indicate spam activities.  If you need a new website, we can design and build a website that incorporates these measures to protect against form spam from the day your website is launched.

Give us a call at (800) 933-2402 or submit a contact form to learn more about our web design services.

Share Button
proceed innovative cerftificate most promising web design and development provider