HowTo: Add Spam Protection to Forms


While looking at the visitors log I discovered that someone came searching for “anti-spam for html form pages”. They landed to the page where I talked about the missing spam protection feature in Google Docs Forms. So I guess they must be disappointed to read that post as it doesn’t have the information they were looking for. So I decided to talk about how to make Forms secure and combat spam. I have learnt these techniques during my four years of blogging.

NoFollow and NoIndex Tags

If you have a form on your website’s contact page to collect user feedback. Then it would be wise to hide this page from search engines. If you are worried that what if there were visitors specifically looking for ways to contact your company or you then you should probably create another contact page with no form or provide the contact information on your main page.

You can hide your page from search engines by using a no follow tag on the link that leads to your form page and then by adding noindex meta tag. You can add this tag on the links and pages manually or add a few lines in your robot.txt file. This way the spammers wont find your page from search engines. Here is how to do that:

Lets say that your form is located at a page called “contact.php”, and you have links to your contact page in your site’s navigation menu and some pages. Then you will have to modify these links by adding a rel=”nofollow” attribute to your link.

<a href="" rel="nofollow">Contact</a>

Then create a robot.txt file and save it to your site’s main/root directory. Add these lines to your robot.txt file:

User-agent: *
Disallow: /contact.php

Then add a meta tag noindex in your contact page between <head> and </head> tags:

<meta name="robots" content="noindex, nofollow">

Using the meta tag on your page will tell search bots not to index your page. Read more about Robots Exclusion Standard or check out Google’s webmaster guidelines’ support page.

Human Identification validating techniques:

Using this technique you try to present a challenge to someone who comes to submit the form. This challenge is something simple like copying the code shown in an image file, or answering a simple question. The image verification is called CAPTCHA or reCaptcha. There are several hundered plugins and tools available that allow you to include CAPTCHA image verification to your forms. For example the official reCAPTCHA project offers you to sign up for an account and you can then add their image verification technology recaptcha on your pages. They also have plugins for various Content Management Systems such as WordPress, MediaWiki or phpbb. The site also has tutorials to teach you how you can add the code to your php pages and use it with other server side programming languages.

But if you are a total newbie and can’t configure an image validating script, then you should probably go for simple questions. In this method you add a field to your forms asking users questions like: “2+9=?” the user then enters 11 in the answer field and when they submit form you can check out their answer. If it is correct then the form gets submitted other wise user is taken back to the form. There are ready-made plugins available to do that too on various content management systems.

Do Not Use A Form

Just in case if you get tired of fighting spam or if you lack the skills to get spam protection configured properly. Then it is highly recommended that you use a contact page with no Form at all. Use the No follow tag for your contact page and your email address in image format like this:

If your users have something important to say they would email you. I know that people are lazy, they usually find it easy to just fill out a form and send rather than opening their email client and manually typing your email address. But trust me they will email you if they have something valuable to say. I personally feel that spending time and money on fighting spam is such a waste of resources. Millions of dollars are spent each year on sending spam messages and combating spam. I feel that if we start using techniques that do not give way to other people for exploitation then we would be indirectly adding to conservation of human resources.

Related Posts