If you run a blog or website, you probably have a contact form. If you have a contact form, you’re probably getting the occasional spam email.
Some of the bloggers I know have embraced the spam as part of running the website. They see a new email from their site, have that moment of excitement, then realize it’s just junk and delete it.
Others try to combat it. They add spammers to their junk filter or add a CAPTCHA to their forms. But then their legitimate users complain about emails that can’t get through or unreadable CAPTCHA gobbledegook.
Perhaps the worst outcome – some of my friends and colleagues fall for the spammer’s message. They read the email as a legitimate person offering business services or a profitable partnership, and get taken for a ride.
In this post, I’ll explain how you can identify spam messages and prevent them in the future.
What Form Spam Looks Like
You can ask yourself the following questions when reviewing an email from your site’s contact form:
- Are there a lot of typos?
Everyone makes mistakes, but a message littered with consistent misspellings or odd phrasings is more likely to be spam.
- Did they use a real name?
If the person who filled out your form used only a first name, or no name at all, it’s probably spam.
- Does it contain any suspicious links?
Look at the links contained in the message. Do they look short and friendly, or are they long and jumbled? The latter is a good indicator of spam.
- Is the offer too good to be true?
Spammers know what business owners need – more publicity and more time. Be wary of offers that seem to solve all of your problems, as exciting as they can sound.
- Is the subject line attention-grabbing?
Clickbait-y subject lines make you more likely to open the message, and spammers know that.
Why You’re Getting Form Spam
Spammers have something to gain from bothering you – your click. Often the website they link to isn’t the one it appears to be, and may try to capture some of your information. Other times they run a scammy business-to-business model that takes advantage of busy entrepreneurs who need to outsource some of their work.
However, it’s unlikely that this is a targeted attack on you or your website. Spammers can purchase hundreds or thousands of bots to crawl websites, find forms, and paste in a template message.
How to Stop Form Spam
Earlier in this article, I talked about using CAPTCHAs to prevent form spam, and that’s certainly one way to do it. However, I’m never in favor of inconveniencing humans due to robot mischief. So here are a few ways to prevent form spam without annoying your real, human visitors.
Easy: Use a Honeypot
This is number 1 for a reason, as it’s my go-to for almost all sites. A honeypot is an invisible field on your form – humans can’t see it, but bots can. And those form-hungry bots will fill out the field, and get shuttled right into Spam where they belong.
Gravity Forms has a built-in honeypot setting you can enable on your forms, which is just part of why it’s my favorite form plugin.
If you’re using Contact Form 7, you can use the Contact Form 7 Honeypot plugin for the same effect, but you’ll have to do a little bit of configuring on your own. Check out a video guide for setting it up here.
Ninja Forms also adds a honeypot to all forms by default.
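What a honeypot check looks like underneath, as an added example in PHP (it is not the code of Gravity Forms, Contact Form 7 or Ninja Forms). The field name website_url and the function names are made up for illustration; a hit is filed as spam while the sender gets the same reply either way.

```php
<?php
// Added example, not code from Gravity Forms, Contact Form 7 or Ninja Forms.
const HONEYPOT_FIELD = 'website_url'; // hypothetical decoy field name

// Decoy field markup to place inside the <form>.
function honeypot_markup(): string {
    // Moved off-screen with CSS so people never see it. tabindex=-1 keeps
    // keyboard users out, autocomplete=off keeps browser autofill out, and
    // aria-hidden stops screen readers from announcing it.
    return '<div style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<label>Leave this field empty '
         . '<input type="text" name="' . HONEYPOT_FIELD . '"'
         . ' tabindex="-1" autocomplete="off"></label></div>';
}

// Returns true when the submission tripped the honeypot.
function is_honeypot_hit(array $post): bool {
    // A browser always sends the decoy field, empty. If the key is missing,
    // the request did not come from the rendered form.
    if (!array_key_exists(HONEYPOT_FIELD, $post)) {
        return true;
    }
    $value = $post[HONEYPOT_FIELD];
    // Arrays (website_url[]=x) or any non-blank text count as a hit.
    return !is_string($value) || trim($value) !== '';
}

// Route a submission: 'inbox' for people, 'spam' for bots.
function route_submission(array $post): array {
    $folder = is_honeypot_hit($post) ? 'spam' : 'inbox';
    // Same reply either way, so a bot cannot tell it was filtered.
    return ['folder' => $folder, 'reply' => 'Thanks, your message was sent.'];
}

// Constructed sample submissions.
$samples = [
    'human'       => ['name' => 'Ann Lee', 'message' => 'Quote?', 'website_url' => ''],
    'form bot'    => ['name' => 'x', 'message' => 'Buy', 'website_url' => 'http://spam.example'],
    'direct post' => ['name' => 'x', 'message' => 'Buy'],
];
foreach ($samples as $label => $post) {
    printf("%-12s -> %s\n", $label, route_submission($post)['folder']);
}
```

The check has to run on the server; hiding the field is only what keeps people from filling it in.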
Medium: Add Akismet to Your Forms
Akismet is Automattic’s answer to spam. (You might also know Automattic as the people who make WordPress). It’s that little plugin you see installed by default whenever you set up a WordPress site. Akismet is cloud-based anti-spam software that processes data from millions of websites to learn what spam looks like and get better at detecting and preventing it.
Setting up Akismet is easy, and you can follow the steps at Akismet.com.
When Akismet is active on your site, it automatically works in the background with any Gravity Forms you’ve set up.
With Contact Form 7, you’ll need to do a little work yourself to integrate Akismet. You can find instructions for setting it up here.
Here’s an example of a normal email field in Contact Form 7:
[email* your-email]
This is what it looks like once you’ve added the akismet tag:
[email* your-email akismet:author_email]
Unfortunately, Ninja Forms doesn’t currently integrate with Akismet.
Difficult: Add an “I’m not a robot” Test
Google recently released a better version of reCAPTCHA. Instead of asking people to read street signs or answer math problems, this version presents a simple checkbox with the text “I’m not a robot.”
If you’re curious how it works, the full answer is technical but the simple answer is that Google can predict how a human would move their mouse to click the checkbox as opposed to how a bot would check the box.
I’m still not a fan of inconveniencing users to stop bots, and this solution does have some potential drawbacks for visually impaired or physically disabled users of your site. But if you need serious spam protection and the first two options aren’t enough, it’s a solid choice.
Gravity Forms includes a simple reCAPTCHA field that you can add at the end of a form, just like you’d add any other field.
You can also add a reCAPTCHA to Contact Form 7, but, again, you’ll need to do a little work. You’ll want to get a secret key from Google, insert it into the Contact Form 7 Integrations area of your website, and add a [recaptcha] tag to your form.
The process is similar for using reCAPTCHA with Ninja Forms, but instead of adding a tag at the end, you’ll see a new field option.
Overall, the easiest way to prevent spam in your forms is to start by using Gravity Forms, since it has so many built-in anti-spam features already. How do you prevent spam in the forms on your site? Have you had success with one of the methods above, or something else completely?
I use Beep.IM as a contact form site where I direct my potential clients. Let someone else do the hard work while I work on answering mails that need to be answered.
Another alternative is to use AI (artificial intelligence) to weed out spam. I use Ivertech Spam Free Contact (https://spamfreecontact.ivertech.com) which has AI built-in to recognize spam. I just needed to copy one line of HTML code and paste it into my site. It has Google reCAPTCHA as well. It’s surprisingly easy to set up.
Thank you!
Good content.
I am curious how one can stop messages that look like they have been sent by you, i.e. from (your email) to (your email) via contact forms with compromising messages.
Obviously the sender is cloaking their email address and getting past captcha, so how can you stop this?
I am going to be doing a post about and will backlink you.