Spam has been getting progressively worse, and a significant number of form submissions are now spam.
After spending several months this year working on reducing spam across multiple sites, we want to share our most effective and advanced techniques.
3rd Party Spam Plugins
Leverage a third-party (either free or paid) system to filter out spam for you. Note that some plugins filter spam before the form is submitted, while others do so afterward.
Examples: CleanTalk, Akismet for WordPress
Block Emails & Domains
Block specific email addresses or domains. For instance, domains ending in .ru might have a higher likelihood of spam.
Block Repeat Offenders
In some cases, the same email address may be repeatedly sending spam. Ensure you maintain a blacklist of these email addresses.
Captcha
Experiment with various methods to distinguish humans from bots. Consider using:
- Simple Math
- reCAPTCHA
- hCaptcha
- Cloudflare Turnstile
Email Verify Forms Before Saving
This method is more complex to implement, but depending on your business needs, it can be effective. After a form is submitted, your system sends an email that requires the visitor to confirm their submission by clicking on a link. Only after this verification will the form data be saved to your database and a confirmation email sent.
Filter Words
Forms containing spammy words, code, terms, or URLs should be blocked.
Firewall
Use a firewall to restrict access to the form. You might also consider blocking access from certain countries.
Honeypot
Add a hidden form field that only bots can see. If a submission arrives with this field filled in rather than left blank, you can block it.
Multi Step Form
Most bots are not sophisticated enough to navigate a multi-step form. Implementing this can help block harmful bots and reduce spam.
Password Protect Form
This option may only be suitable for certain businesses. Consider requiring a password to access the form.
Randomize Form Names & Fields
Bots and spammers often rely on the form’s code and field names. Regularly changing your form fields' names and IDs can help prevent spam.
Time Based Validation
Validate the time it takes to submit a form. For example, if a form with five fields is submitted in five seconds or less, it is likely not a human.
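The honeypot and time-based checks described above can share one server-side validator. The following is an added example, not code from the original article; the field names `website` and `form_token`, the demo key, and the one-hour expiry are assumptions. The render time is signed with an HMAC so that a client cannot simply submit an older timestamp to pass the timing check.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret; load it from configuration in practice.
SECRET_KEY = b"constructed-demo-key"
MIN_SECONDS = 5             # from the text: five seconds or less is suspicious
MAX_SECONDS = 3600          # assumption: tokens older than an hour are rejected
HONEYPOT_FIELD = "website"  # hypothetical name of the hidden field
TOKEN_FIELD = "form_token"  # hypothetical name of the hidden timestamp input


def _sign(ts: str) -> str:
    """HMAC-SHA256 over the timestamp string, hex encoded."""
    return hmac.new(SECRET_KEY, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None) -> str:
    """Value for the hidden input, generated when the form is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"


def check_submission(form: dict, now=None) -> tuple:
    """Return (accepted, reason) for a submitted form."""
    now = time.time() if now is None else now

    # Honeypot: humans never see this field, so any content means a bot.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot_filled"

    ts, _, sig = form.get(TOKEN_FIELD, "").partition(".")
    # Reject missing, malformed, or tampered tokens before trusting the time.
    if not (ts.isascii() and ts.isdigit()):
        return False, "bad_token"
    if not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return False, "bad_token"

    elapsed = now - int(ts)
    if elapsed <= MIN_SECONDS:
        return False, "too_fast"
    if elapsed > MAX_SECONDS:
        return False, "token_expired"
    return True, "ok"
```

A token stays valid until it expires, so the same token can be submitted more than once within that window; the reason codes are worth logging so they feed the pattern tracking described in the last section.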
Track Submissions and Find Patterns
Monitor your spam submissions over time to identify patterns and adjust your security settings accordingly. Pay attention to the data being submitted, the IP addresses, countries, and the sources of your traffic.